To stay compliant with the California Consumer Privacy Act (CCPA), companies must receive consent before collecting data from their users and dropping cookies on their browsers. Users must be informed on what cookies are present and what their purpose is so they can make an informed decision whether to opt-in or opt-out of cookies.
The CCPA is designed to shield consumers from the most aggressive forms of data mining operations and if you do any kind of business with residents of California, the CCPA will have a significant effect on how you collect, use, and store consumer data. Also, it is important to note that the CCPA states California residents have the right to request a detailed account of what information companies have collected on them over the span of the last 12 months.
If your website fails to comply with CCPA and its requirements, there can be serious consequences. Security incidents where a California resident's personal data is intentionally (or unintentionally) sold, purchased, or transferred without their consent can lead to damages ranging from $100 to $750 per incident. If your website is performing well and has many visitors, the numbers can be astronomical. To put that into perspective, revealing the personal user information of 15,000 California residents could lead to a minimum fine of $1.5 million and further damages can far exceed this amount.