Effective Jan. 1, 2020, the California Consumer Privacy Act (CCPA) is an advocacy bill passed with the sole purpose of giving California residents information and control regarding the collection and sale of their personal information. This blog will discuss what you need to consider in your CCPA compliance checklist.
The law affords all California-based consumers the right to request access to and deletion of individual information a specific company has stored in its database.
The law also allows consumers access to the categories of third-party vendors with whom their data was shared. Lastly, the state law allows the Attorney General to pursue litigation and seek punitive damages if it has discovered the company violated privacy guidelines.
Staying in compliance is extremely important—especially since the state statute outlines the Attorney General has the right to sue corporations that have violated the law.
Building a preventive plan with regular CCPA compliance checkpoints is the best way to protect your company’s reputation and good standing.
What CCPA Compliance Means for You
Currently, the CCPA applies to all for-profit companies that conduct business in California that collect and determine the purpose and means for processing consumers’ personal information.
Along with the aforementioned, said companies must also fall within one of the following categories:
- Buys or sells the personal information of 50,000 or more individual consumers or households
- Generates more than 50% of annual revenue from selling consumers’ personal data
- Has annual revenue grossing greater than $25 million (USD)
Businesses are required to enforce internal security protocols focused on protecting consumer data. Additionally, here are 5 surefire ways to stay within the boundaries of the law:
#1 – Be transparent with your audience
Place a conspicuous link or include a pop-up window addressing your business’s collection of personal information, as well as a conspicuous Don’t Sell My Personal Information link or a pop-up window on your customer-facing website. This allows visitors to see you’re considering their opinions and presenting them with an option to be removed from any information sharing activities with third parties.
#2 – Make information requests easy and user-friendly
Businesses should have at least two methods for submitting requests. Create a secure web form, designated email address, and/or designated toll-free phone line dedicated to processing consumer requests.
#3 – Respond to requests in a timely fashion
California law mandates that in order to be compliant, companies must respond to all requests to access, delete, and opt consumers out of the sale of their personal data as soon as possible after receiving them.
#4 – Verify and govern internally
Create a verification process to address incoming customer requests to know and to delete. This may include a series of questions related to data in your system. As a responsible business, you DO have the right to deny a request if consumers fail to satisfactorily identify themselves or verify their right to access information on behalf of someone. It’s required to keep these denials on file with a detailed description of the reason for the denial.
#5 – Protect the information of minors
Implement a parental consent documentation process to explicitly grant parents and guardians access to their children’s information.
Your CCPA Compliance Checklist
If one of your internal compliance checks reveals you’re out of compliance, follow your company’s contingency plan for data storage protocol breaches.
If an audit or regulatory committee discovers there’s been a compliance issue or data has been compromised, your organization has a 30-day cure period to cooperate with the law associated with the violation.
Because one of the biggest obstacles businesses face when it comes to CCPA preparedness is a lack of time and bandwidth, as well as the complexity of the law, we created a 5 Step CCPA Compliance Checklist. This checklist includes recommended actions to help businesses working towards CCPA compliance.