What is CCPA Compliance?
California Consumer Privacy Act (CCPA) Compliance – What it is and what you need to do
California’s Consumer Privacy Act, which took effect on January 1, 2020, requires companies to implement several privacy initiatives to ensure that consumer data is secure. Designed to protect the privacy of users, California’s new law is an opportunity for companies to review their practices and reflect deeply upon how user data is utilized. Here’s everything you need to know about CCPA compliance.
What is CCPA?
The California Consumer Privacy Act (CCPA) is one of the most comprehensive data privacy laws set up by the government of the United States. The CCPA puts the onus on businesses to align with new requirements that clearly define, and require companies to disclose, any collection, sharing, and sale of personal information, as well as the security of that data.
With the deadline for the official enforcement of CCPA just a few weeks away, now is the right time to find a platform that can help you with your CCPA compliance.
What should you do?
With almost a month to go before the CCPA deadline, you need to prepare your business and take steps towards compliance. This requires automation and robust IT solutions that can help you with CCPA compliance in the long run.
Here is what you need to do:
- Map all data and prepare answers to the questions below:
  - What personal information is collected and from whom?
  - Where is personal information stored?
  - How is personal information stored?
  - How long do we retain personal information and for what purpose?
  - With whom do we share personal information and why?
- Review all third-party agreements to ensure they are compliant with the CCPA.
- Develop processes to respond to access and deletion requests.
- Develop and implement robust employee training programmes on collecting, using, disclosing, and protecting users' personal information.
- Develop or amend your privacy policies and/or other privacy notices.
- Develop and implement, to minimize litigation liability:
  - Reasonable security practices (such as encryption and/or redaction)
  - Data breach response plan
  - Incident response plan
Who needs to comply?
Not every business falls within the purview of the CCPA. If your business is a for-profit business that comes within one of the below categories, then it is mandatory for you to achieve CCPA compliance:
- You have $25 million or more in annual revenue
- You possess the personal data of more than 50,000 consumers, households, or devices
- You earn more than half of your annual revenue by selling consumers’ personal data.
What rights do consumers have?
- Right to know what information is collected.
- Right to know what information has been shared (and with whom)
- Right to opt-out of the sale of data
- Right to request deletion of personal information
- Right to receive equal services, even if exercising privacy rights
What are the penalties for non-compliance?
If businesses do not comply with CCPA, the California Attorney General can impose hefty fines.
- You can be fined up to US $7,500 per intentional violation
- A business can also face a statutory penalty of up to US $2,500 per violation
Note – Both are subject to notice being provided to the business and a 30-day opportunity for the business to cure a violation.
How can we help?
- We have partnered with a leading PrivacyOps company, Securiti.ai, to help you safeguard your data
- We build and provide a robust data protection ecosystem, so you never have to worry about the security and CCPA compliance of your consumer data
- We can help you structure your data in accordance with data governance guidelines so that you can manage customer data efficiently
- We help you manage how you store your consumer data and deploy robust ways to keep that information secure
- We hand-hold you through the regulatory requirements of the CCPA and offer governance solutions
Get started today to get your free CCPA assessment.