As a main tenet of the legislation, it’s imperative you get this initiative completed correctly and in full before the enforcement deadline of July 1, 2020.
The personal information categories the business has collected.
The intended use purposes for each category.
In addition, you must also include disclosures if you collect additional personal information categories or use collected personal information for unrelated purposes.
Companies must be diligent about identifying where their privacy policies live across their digital properties. Each and every one of these must be updated appropriately and consistently maintained.
In the fast-paced digital world, privacy policies that are most effective will be designed responsively so they can be viewed and accepted on any device. And keeping a detailed version history to track changes is a smart move, too.
Under the CCPA regulation, this action is called “notice” and often takes the form of an email marketing message. It can also include short-form notices such as web forms, just-in-time pop-ups in mobile apps, and even cookies banners. It requires that “at or before the point of collection” companies reveal to consumers the categories of personal information the company collects and for what purpose the information is used by the company.
This includes personal information collected, disclosed, or sold. That means third parties involved with the business and the use of data also have to be revealed in the CCPA notice.
Most importantly, the notice should give consumers the opportunity to opt-out of the sale of their personal data.
Implementing the CCPA requirements for privacy policies and notices can be a handful. But it doesn’t have to be this way.
In fact, technology automates the entire process so you can get back to what’s important.