With the CCPA amendments signed into law, privacy experts are discussing what this means for businesses and the industry as we move forward into 2020. From tech giants to small businesses, the CCPA is making everyone fall in line. The final amendments now provide organizations a guideline for what they must do to fully meet CCPA compliance. Although the CCPA will not take effect until January 1, 2020, many businesses are taking a wise approach and preparing well in advance to comply with the requirements.

For more information on how you can get started with your CCPA privacy program and meet CCPA compliance, download this whitepaper.

The CCPA requirements for businesses include:

  • Businesses should specifically and clearly inform consumers about how they collect and use personal information and how they can exercise their rights and choices, and businesses should not collect the personal information of children without consent.
  • Businesses should only collect consumers’ personal information for specific, explicit, and legitimate purposes, and should not further collect, use, or disclose consumers’ personal information for reasons incompatible with those purposes.
  • Businesses should collect consumers’ personal information only to the extent that it is relevant and limited to what is necessary in relation to the purposes for which it is being collected, used, and shared.
  • Businesses should provide consumers or their authorized agents with easily accessible self-serve tools that allow consumers to obtain their personal information, delete it, or correct it, and to opt-out of the sale of their personal information, including for cross-context behavioral advertising, and the use of their sensitive personal information for advertising and marketing.
  • Businesses should not penalize consumers for exercising these rights.
  • Businesses that use consumers’ personal information to advance their own political purposes should disclose that fact.
  • Businesses should take appropriate precautions to protect consumers’ personal information from a security breach.
  • Businesses should be held accountable when they violate consumers’ privacy rights, and the penalties should be higher when the violation affects children.

The companies that are preparing for these requirements may have already had a taste of global regulations and increasing data misuse and the reputational damage that can come with it. Instead of seeing the CCPA as a final destination for their privacy program, organizations are taking advantage of the recent CCPA changes to step up their continuing privacy program efforts.

As companies prepare for the CCPA, it is essential to remember that a privacy program will need to adapt and change according to, not only privacy law but the needs of the company as well. Regardless of where you are with your privacy program, it is never too late to start planning for your CCPA compliance readiness. OneTrust for CCPA is a full set of scalable privacy management software solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program.

For additional information, or to request a live OneTrust for CCPA software demo, visit www.OneTrust.com/ccpa-compliance or email [email protected].


Check out our CCPA blog series: