%20--%3e%3cg%3e%3cg%20id='Logotype'%3e%3cg%3e%3cpath%20fill='%23141313'%20d='M46.37,250.9L136.63,28.98H0v237.25C0,296.87,21.93,318.83,52.56,318.83v-.03h160.64v-154.45l-156.9,95.23c-5.8,3.71-12.82-2.05-9.94-8.68Z'/%3e%3cpath%20fill='%23141313'%20d='M347.35,104.3c-68.33,0-115.93,44.71-115.93,108.91s47.6,108.9,115.93,108.9,115.93-44.72,115.93-108.9-47.6-108.91-115.93-108.91ZM347.35,255.04c-24.41,0-42.23-17.39-42.23-41.8s17.79-41.83,42.23-41.83,42.23,17.39,42.23,41.83-17.79,41.8-42.23,41.8Z'/%3e%3cpath%20fill='%23141313'%20d='M633.86,118.01c0,3.31-3.71,3.31-7.02,1.66-18.22-9.54-32.29-15.3-53-15.3-56.71,0-95.62,42.66-95.62,108.08s39.32,109.7,93.14,109.7v-.03c21.93,0,35.61-7.02,56.31-19.87,3.71-2.48,8.28-1.66,6.19,3.71l-5.36,12.85h86.51V28.98h-81.15v89.03ZM594.11,255.04c-24.41,0-42.23-17.39-42.23-41.8s17.79-41.83,42.23-41.83,42.23,17.39,42.23,41.83-17.79,41.8-42.23,41.8Z'/%3e%3cpath%20fill='%23141313'%20d='M1406.03,107.65l-23.58,112.61c-1.66,8.68-11.59,9.11-13.65-.4l-24.84-112.22h-94.79c-39.32,0-51.74-11.99-51.74-29.81s10.33-28.15,27.72-28.15c20.27,0,30.64,16.16,32.69,32.29h79.5C1325.35,29.38,1286.43,0,1230.52,0,1168.85,0,1130.32,36.04,1130.32,91.09v16.56h-44.71v67.07h44.71v144.08h81.15v-143.68h70.23l46.53,124.21c3.31,8.28,2.88,17.39-.4,26.1l-28.55,68.73h80.25l120.47-286.51h-93.97Z'/%3e%3cpath%20fill='%23141313'%20d='M886.41,117.98c0,3.31-3.71,3.31-7.02,1.66-19.87-9.94-34.35-15.3-54.65-15.3-60.45,0-93.97,49.29-93.97,107.65,0,64.59,37.26,98.54,87.77,98.54,23.19,0,40.57-7.02,62.1-19.47,5.37-3.31,9.51-.4,7.45,4.57-9.11,20.7-28.55,31.47-59.62,31.47h-83.2v67.07h98.5c72.04,0,123.78-47.63,123.78-114.67V107.65h-81.15v10.33ZM846.67,255.04c-24.41,0-42.23-17.39-42.23-41.8s17.79-41.83,42.23-41.83,42.23,17.39,42.23,41.83-17.79,41.8-42.23,41.8Z'/%3e%3cpath%20fill='%23141313'%20d='M1026.35,18.18c-26.1,0-44.71,16.16-44.71,39.35s18.61,39.35,44.71,39.35,44.72-16.16,44.72-39.35-18.62-39.35-44.72-39.35Z'/%3e%3crect%20fill='%23141313'%20x='985.78'%20y='107.65'%20width='81.15'%20height='211.15'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
What is CCPA (California Consumer Privacy Act)?
The CCPA (California Consumer Privacy Act) is a landmark privacy regulation enacted in California, effective from January 1, 2020. It provides California consumers with new rights regarding their personal data, including the right to know what information is being collected, the right to have that data deleted, and the right to opt-out of the sale of their personal information.
For vacation rental businesses, CCPA applies if they meet certain thresholds and process the data of California residents, requiring specific data management and transparency practices.
Join the Lodgify newsletter
How it works
A vacation rental business must comply with CCPA if it operates for-profit in California and meets one of several criteria, such as having annual gross revenues over $25 million or processing the personal data of over 100,000 California residents. Compliance involves updating the business's privacy policy to explicitly state what guest data is collected, how it's used, and with whom it's shared.
Operators must also provide at least two methods for consumers to submit requests to access, delete, or opt-out of the sale of their information. For instance, hosts using a direct booking website, perhaps created with a website builder, must ensure their online forms and privacy notices are CCPA compliant.
This includes data collected from inquiry forms, booking engines, and guest communication logs.
Why it matters
Complying with the CCPA is critical for applicable vacation rental businesses to avoid substantial fines for non-compliance, which can be levied per violation. Beyond the legal requirement, adherence to CCPA principles demonstrates a commitment to guest privacy, which can build trust and enhance a brand's reputation.
As data privacy becomes a growing concern for travelers, transparent data handling practices can serve as a competitive differentiator and foster guest loyalty. See the official website for current details.
Examples
- A property management company in Arizona has many guests who are California residents and its annual gross revenue exceeds $25 million. It must implement procedures for these guests to request a copy of their data and have it deleted upon request.
- A host with a direct booking website for a single cabin in Big Bear, California, uses third-party analytics cookies that could be considered a 'sale' of data under CCPA. They must add a 'Do Not Sell My Personal Information' link to their website footer.
- A guest who stayed at a compliant San Diego rental last year submits a verifiable consumer request to delete their personal data. The rental company must erase the guest's information from its systems within 45 days, except for data it is legally required to retain, such as for tax records.
- A multi-property operator in Palm Springs updates their website's privacy policy to include a new section detailing the rights of California residents, how they can exercise those rights, and what categories of personal information have been collected in the past 12 months.
Frequently asked questions
Does the CCPA apply to all vacation rental businesses?+
What kind of guest information does the CCPA cover?+
How is the CCPA different from Europe's GDPR?+
As a host, am I 'selling' guest data under the CCPA?+
Related terms
GDPR Compliance
GDPR compliance refers to adhering to the General Data Protection Regulation, a set of European Union laws governing how businesses must collect, process, and…
Privacy Policy
A Privacy Policy is a legal document explaining how a vacation rental business collects, uses, stores, and protects personal data from guests and website…
Cookie Consent
Cookie consent is the process of informing website visitors about the use of cookies and obtaining their explicit permission before storing or accessing data…
PCI Compliance
PCI Compliance refers to the set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information…