Once a business has identified if the ccpa is going to affect them, it is important to follow these steps to stay in compliance. First and foremost, businesses need to map consumer data. A great starting point is to ask the following questions. What personal data is collected and retained? How is data collected? Where and how is data stored? Is this data shared with other entities? As of january 1, 2020, california residents have the right to request this information. It is imperative for businesses to be able to provide this data accordingly to remain compliant.
Similar to when the gdpr came into the world, updating corporate privacy disclosures are a necessary step to ensure compliance. These disclosures need to inform consumers of what data is being collected and how that data is intended to be used.
The ccpa calls for a website to have a privacy link on the homepage of a website entitled
do not sell my information, which allows users to opt-out of having personal data sold. This process is encouraged to happen sooner, rather than later.
Since california residents can request information, there business phone list needs to be a clear process for handling data requests from consumers. According to the ccpa, these requests must be processed free of charge and within 45 days. These processes need to cover the following consumer inquiries:
Request for a copy of personal data
Request that personal data be deleted
Enquire as to what categories of personal data are being sold on that specific consumer
Request to opt-out of the sale of personal data of individuals 16 years of age or older.
Request to opt in for the sale of personal data of individuals between the ages of 13 and 16
Obtain consent from a guardian to sell personal data of consumers that are younger than 13 years of age.
California consumers now have the right to seek CU Lists financial damages for breached personal data. Therefore, it is crucial for your business to have privacy and security policies in place. Consumers must be made fully aware of how any business intends to utilize personal data under these new regulations. Strengthening data security measures diminishes the likelihood of hackers obtaining consumer data illegally, leaving your company liable for financial damages from consumers.
In conclusion, even if a business currently does not fit directly under the ccpa requirements, it is wise to become compliant, as the ccpa is likely the first of many privacy acts to come.