The CCPA has a specific requirement for businesses that process personal data: they need to provide a toll-free number to their users.
But why do they need to have a toll-free number? And does this requirement affect all businesses?
Under CCPA, and also under the CPRA (the CCPA amendment), users have different rights that they can exercise at any time. One of these is the right to access: users can request a business that collects and process their personal information to access the data they have about them.
As a business, you must provide consumers with two or more methods for submitting access requests. These methods can vary from business to business, but must include, at a minimum, a toll-free number and, if the business has a website, the website address.
📌 The toll-free number requirement is also included in the new CCPA amendment, the California Privacy Rights Act (CPRA).
Yes, there are.
An amendment of the CCPA published on October 2019 by the California Attorney General added some exceptions to this requirement. More specifically, a business can avoid providing a toll-free number if:
If your business meets both these requirements, then you can provide an email address and your website address for your users to submit their requests.
Besides the CCPA’s requirements, new privacy laws are being enforced across the US: California’s CPRA, Virginia’s VCDPA, Colorado’s CPA and many more.
If you’re doing business in the US, you may need to comply.
iubenda’s set of solutions is designed to help you comply across multiple legislations in the easiest way.
