The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020. At first glance, this may appear to give your organization some time to prepare. However, the law, which provides California residents with several rights, including the right to request access to their personal information, has a “look back” requirement. Indeed, when a consumer makes a verifiable request for access to their personal information, organizations are required to provide records covering the 12-month period preceding the date of the request. This means that your organization should already be maintaining accurate records of consumers’ personal information starting from January 1, 2019.

New rights for consumers under the CCPA:

In addition, businesses have separate obligations to disclose to consumers the right they have to ask for deletion of their personal information, if the business sells personal information, the fact that it does and that consumers have a right to opt out of the sale of their personal information, and, at or before the point of collection of personal information, the categories of personal information to be collected and the purposes for the use. 

What does this mean for your organization?

Companies will need to start preparing as early as possible to be ready to respond to the look back requirement and the new rights given to consumers. This means understanding where all personal information about consumers reside and where it flows within the organization, creating mechanisms to enable consumers to make those requests, training and potentially hiring new resources to respond to requests from consumers, updating their privacy policies to comply with the newly introduced information disclosure requirements, implementing new and structural processes internally to handle those requests, and more. 

How OneTrust helps:

With OneTrust, your organization can take a holistic approach to CCPA compliance by leveraging a comprehensive suite of tools, each offering CCPA-specific functionality. By leveraging internal governance tools as well as consumer-facing tools, your organization can pinpoint where personal data resides and how it is used; streamline your ability to act when consumers exercise their rights to information and deletion; and manage opt outs relating to the sale of personal information. With OneTrust Data Inventory and Mapping you can map CCPA dataflows for California consumer data flows to meet the CCPA look back requirement. The OneTrust platform directly addresses CCPA requirements and sets organizations on the right trajectory for supporting a global privacy program.

Are you ready for the CCPA? Understand your readiness and get the best combination of technology, professional services, research, and community events with OneTrust’s Resources: