There’s a growing movement to balance a company’s right to collect consumer data and the customer’s right to privacy. California is leading the way with the recent passage of the California Consumer Privacy Act (CCPA.) This new law, however, comes with specific compliance challenges for all companies, both big and small.
You can read further on our top three CCPA compliance challenges that your company is likely to face. Study these issues and how you can overcome them in your CCPA compliance journey.
What is CCPA?
CCPA was passed in 2018 to increase a California resident’s consumer privacy and protection rights. These CCPA laws standardize how a company can use any personal customer data information that they might collect.
This privacy law also permits California residents the right to find out what information businesses have about them. CCPA also gives residents the option to choose not to participate in any information collection efforts and instructs a company to remove that personal information they might have on that specific customer. Under the CCPA, Californians can also disallow a company from selling their personal data to another company.
Customer names, social security numbers, and mailing addresses, all fall under the protection of the CCPA. Other customer online metrics are also protected by the CCPA. These online metrics include online search and browsing histories and individual email addresses.
Who Does CCPA Apply to?
Not every California company is required to comply with CCPA regulations. CCPA applies only to those businesses that report over 25 million in revenues where half of those revenues result in personal data sales. Companies that buy or sell personal information for over 50,000 households or customers must also meet CCPA terms.
The CCPA also compels a company to enhance its cybersecurity protections to safeguard their collected personal information from unauthorized access or theft. The deadline for companies to comply with CCPA is January 1, 2020.
CCPA Compliance Challenges
Approximately fifty percent of US industries impacted by CCPA are expected to be in compliance by that 2020 deadline. Some of these companies are reporting that their three biggest challenges to comply with the new CCPA compliance requirements fall into these three broad categories.
Limited Implementation Time
Many executives are concerned about the limited time available to prepare. Numerous companies rank CCPA compliance as their top business priority. Retail and TMT companies, for example, are prioritizing CCPA compliance to a greater degree than other sectors.
CCPA now includes a process for customers to bring action against companies that violate the CCPA. Consumers must now provide a 30-day notice to a company that they think violated the terms of the CCPA before they can take legal action. Companies have 30 days to respond and “correct” the violation.
Proper Technological Infrastructure
Part of the success in complying with CCPA provisions is to be able to quickly prove that compliance efforts have been launched. One way companies can do this is to use content management systems to organize their customer’s personally identifiable data.
Enterprise Content Management systems manage personally identifiable information. These content management systems can look for and reply to any security breach. These systems can also pinpoint gaps in security frameworks that might make a company prone to security risks.
Adept at Multiple Data Privacy Laws
For a company operating in multiple states (let alone other countries), the scale of the challenge is clear. Every state expects a company to respect its customer’s privacy in different ways. It won’t be a “one size fits all” approach for companies to comply.
For example, the Nevada Privacy Act only applies to companies that operate online businesses. The CCPA compels both online and offline businesses to comply with the Act. New York’s Privacy Act requires companies to prioritize customer privacy over making a profit.
How Can Companies Prepare?
CCPA becomes effective on January 1, 2020. The good news is that companies can prepare right now to meet these new compliance expectations. Follow this quick CCPA compliance checklist to help make sure you are on your way:
1. Brief Your Staff That Changes are Coming
The best way you can update your existing systems is to enlist the professionals you hired in the first place. Brief your IT leadership teams to let them know of the upcoming CCPA changes so that they can advise you on how to prioritize upgrades within your existing systems. Your IT staff can also help you map out the process to update your employee procedures as well.
2. Train Your Team
Educate your staff on the key aspects of the CCPA. This training should take place well before Jan. 1, 2020. This training should include an overview of individual state privacy laws that do business with your company.
3. Create a Customer Response Process
By January 1, 2020, CCPA requires companies to answer customer inquiries about their personal data. To be able to respond to these inquiries, your company should develop procedures for processing these requests. These inquiries might include:
• How can I get a copy of my personal information?
• How can I get my personal information deleted? and
• What parts of my personal information are being sold?
4. Update Your Website with a Privacy Homepage
This page should contain your updated privacy disclosures that inform clients of the personal information that you collect. Provide advisory information on what point during the interaction you will start collecting information during your interchange. Advise your customers on what information you are collecting and what purpose you plan to use this information.
Your privacy page should also advise viewers on what type of third parties you plan to share their data with. Be sure to have a way for viewers to choose not to have their personal information sold. You can handle this with a clearly marked privacy link or button that reads “Don’t Sell My Information.”
Feel like you are more informed on some of these CCPA compliance challenges ahead? Make no mistake, there are many changes waiting for you. Just be confident that you have a team of able in-house professionals who can help you comply with these new terms.
If you’re ready to start your compliance efforts, call your team together. Purchase a new enterprise management system to start your data collection efforts. Revise your company website to outline your privacy disclosures as well as your “Don’t Sell My Information” button.
Don’t forget to check our website for more helpful information on privacy rights management. We can help safeguard your customer's privacy rights without overburdening you!