News
This new consumer data protection law has far-reaching consequences for online businesses and are designed to protect the interests and data of Californian citizens
The State Legislator is especially targetting data vendors of a reasonable size and so, if your business meets just one of the three minimum requirements you will have to comply accordingly:
- have an annual gross revenue exceeding $25 million,
- derive 50% or more of your annual revenues from selling consumers' personal information,
- buy, receive, sell, or share the personal information of 50,000 or more California residents, households or devices a year
However, this means that if you have a small business that makes under $25 million a year, and if less than half of your business income relies on selling personal information to third parties, and if your business does not sell more than fifty-thousand Californians' personal information, the CCPA does not apply to you.
Even though MemberGate does not meet any of those attributes, we still reviewed and updated our Cookie Notice and Data Policies to avoid confusion - you can review this on our Privacy Policy page
We use our Cookie Consent pop up - powered by MemberGate Cookie Notice - to inform California residents and "activists" that we do not fall under the purview of the CCPA
(This is important as the CCPA allows third party agencies and "activists" to act on behalf of consumers - which could lead to unecessary emails, calls and administration)
MemberGate does not have revenues exceeding $25 million per annum
Nor are we part of a larger firm or any other co-brand organisation for aggregate revenue
MemberGate is not a Data Vendor - we do not sell data
It's not our business at all and therefore not 50%of our revenues
We do not buy, recieve, sell or share any personal data
Our software collects data to allow us more insight on the operation and function of the business and services we provide
As a supplier, we provide support to our clients on a Software As A Service basis which requires a functional and contractual permission to access the MemberGate powered site to offer support either by guidance or code a fix as required
We already operate to high standards of data security as would be expected given the nature of our business, but wherever possible we raise the bar for the memberGate platform so that subscribers on any site can expect the highest standards of data protection - for example, updating all sites to use Password Reset instead of the outmoded SendPass routine, forcing strong passwords on all users and deploying HTTPS on all pages
MemberGate has a long history of securing our clients and their member data, not only with the software we provide but also how the team respects and treats data
And we will continue to use best practice: "CCPA is an opportunity to reduce the risk of being the victim of a data scandal caused by poor privacy practices"
In the next month, ALL sites should consider if they will be accountable to the new CCPA laws and if so, complete a Data Audit, update their Privacy Policy and inform their members and site visitors accordingly
If your business does meet ONE of the three attributes, then you should get your own legal advice to be CCPA compliant, and in any event update your privacy policy to include:
- A description of the rights to (request disclosure, deletion) and how to exercise these right.
- List of categories of personal information that the business collects, sells and discloses. This list must be updated every 12 months.
- Maintain a toll-free phone number listed on your portal page and webpage for exercising this right.
Your business must ensure the following rights:
As yet it's unclear how a business will be expected to prove it does not meet the minimum requirements to fall under the purview of the CCPA and who will police that aspect