The California Consumer Privacy Act (CCPA) is taking effect on January 1st, 2020, and one requirement that still confuses many businesses is the Toll-Free Number requirement.

The CCPA requires businesses to have a toll-free number as a designated method for consumers to submit requests for information about the collection and selling or sharing of their personal information (i.e., information requests or the right to know). However, the California Governor signed an amendment to the Toll-Free Number requirement back in October, slightly changing the requirement’s scope. The amendment confirms that businesses must provide two methods for consumers to submit information requests, including, at a minimum, a toll-free number. However, businesses that operate exclusively online and have a direct relationship with the consumer need not provide a toll-free number; instead, they must only provide an email address as a designated method for submitting requests. And, businesses that maintain an internet website must provide the internet website to consumers to submit information requests.

The California Attorney General (AG) also laid out rules on the use of toll-free numbers in section § 999.312 of the proposed regulations. The AG’s draft regulations reiterate that businesses must provide two or more designated methods for consumers for submitting requests to know, including, at a minimum, a toll-free number.Where businesses operate websites, they must, at a minimum, also provide an interactive web form accessible through their websites or mobile apps. In addition, the AG rules permit businesses to use a toll-free number as one of two or more methods for submitting deletion requests.

In determining the appropriate methods for submitting information and deletion requests, businesses must consider how they primarily interact with consumers. So, for example, if the business has an online presence, but mainly interacts with consumers at a retail location, it must provide three methods to submit information requests—namely, a toll-free number, an interactive web form, and a physical (paper) form.

With respect to the right to opt-out of the sale of personal information, the proposed regulations require businesses to provide, at a minimum, an interactive web form accessible via the “Do Not Sell My Info” link. Other acceptable methods include:

• Toll-free phone number
• Designated email address
• Form submitted in person
• Form submitted via mail
• User-enabled privacy controls (e.g., browser plugin or privacy settings)

At this point in time, the AG’s proposed regulations are not final and may undergo changes before the AG publishes the final regulations sometime in the Spring of 2020.

How Can My Business Comply with the Toll-Free Number Requirement?

The OneTrust CCPA Toll-Free Number solution is a part of the OneTrust for CCPA suite of privacy management tools. This solution allows companies to add a phone workflow into their Consumer Rights process and gives companies an easy way to automate and comply with the CCPA’s toll-free requirements. Customers of OneTrust can issue a unique or shared phone number, have a fully customizable greeting, and verify consumer identity to log requests.

With OneTrust CCPA Toll-Free Number, you can:

• Get a unique phone number for customers to call in their consumer rights requests
• Set up a customized welcome greeting in line with your company’s messaging and the CCPA regulatory requirements
• Add identity verification workflows to validate the requestor’s identity
• Integrate with online CCPA Consumer Rights & Do Not Sell solutions
• Automate fulfilling requests with OneTrust Targeted Data Discovery integrations
• Centrally log consumer requests for recordkeeping

With OneTrust’s CCPA Consumer Rights Management solutions, you can show your consumers that you respect their privacy rights and build automated back-end workflows that don’t disrupt your business operations with each request.

To learn more about how OneTrust can help with the CCPA’s Toll-Free requirement and other obligations, visit OneTrust for CCPA or request a demo today.