All Posts

Have Your Experienced These 3 Big CCPA Compliance Challenges? How to Overcome Them

There’s a growing movement to balance a company’s right to collect consumer data and the customer’s right to privacy. California is leading the way with the recent passage of the California Consumer Privacy Act (CCPA.) This new law, however, comes with specific compliance challenges for all companies, both big and small.

You can read further on our top three CCPA compliance challenges that your company is likely to face. Study these issues and how you can overcome them in your CCPA compliance journey.

What is CCPA?

CCPA was passed in 2018 to increase a California resident’s consumer privacy and protection rights. These CCPA laws standardize how a company can use any personal customer data information that they might collect.

This privacy law also permits California residents the right to find out what information businesses have about them. CCPA also gives residents the option to choose not to participate in any information collection efforts and instructs a company to remove that personal information they might have on that specific customer. Under the CCPA, Californians can also disallow a company from selling their personal data to another company.

Customer names, social security numbers, and mailing addresses, all fall under the protection of the CCPA. Other customer online metrics are also protected by the CCPA. These online metrics include online search and browsing histories and individual email addresses.

Who Does CCPA Apply to?

Not every California company is required to comply with CCPA regulations. CCPA applies only to those businesses that report over 25 million in revenues where half of those revenues result in personal data sales. Companies that buy or sell personal information for over 50,000 households or customers must also meet CCPA terms.

The CCPA also compels a company to enhance its cybersecurity protections to safeguard their collected personal information from unauthorized access or theft. The deadline for companies to comply with CCPA is January 1, 2020.

CCPA Compliance Challenges

Approximately fifty percent of US industries impacted by CCPA are expected to be in compliance by that 2020 deadline. Some of these companies are reporting that their three biggest challenges to comply with the new CCPA compliance requirements fall into these three broad categories.

Limited Implementation Time

Many executives are concerned about the limited time available to prepare. Numerous companies rank CCPA compliance as their top business priority. Retail and TMT companies, for example, are prioritizing CCPA compliance to a greater degree than other sectors.

CCPA now includes a process for customers to bring action against companies that violate the CCPA. Consumers must now provide a 30-day notice to a company that they think violated the terms of the CCPA before they can take legal action. Companies have 30 days to respond and “correct” the violation.

Proper Technological Infrastructure

Part of the success in complying with CCPA provisions is to be able to quickly prove that compliance efforts have been launched. One way companies can do this is to use content management systems to organize their customer’s personally identifiable data.

Enterprise Content Management systems manage personally identifiable information. These content management systems can look for and reply to any security breach. These systems can also pinpoint gaps in security frameworks that might make a company prone to security risks.

Adept at Multiple Data Privacy Laws

For a company operating in multiple states (let alone other countries), the scale of the challenge is clear. Every state expects a company to respect its customer’s privacy in different ways. It won’t be a “one size fits all” approach for companies to comply.

For example, the Nevada Privacy Act only applies to companies that operate online businesses. The CCPA compels both online and offline businesses to comply with the Act. New York’s Privacy Act requires companies to prioritize customer privacy over making a profit.

How Can Companies Prepare?

CCPA becomes effective on January 1, 2020. The good news is that companies can prepare right now to meet these new compliance expectations. Follow this quick CCPA compliance checklist to help make sure you are on your way:

1. Brief Your Staff That Changes are Coming

The best way you can update your existing systems is to enlist the professionals you hired in the first place. Brief your IT leadership teams to let them know of the upcoming CCPA changes so that they can advise you on how to prioritize upgrades within your existing systems. Your IT staff can also help you map out the process to update your employee procedures as well.

2. Train Your Team

Educate your staff on the key aspects of the CCPA. This training should take place well before Jan. 1, 2020. This training should include an overview of individual state privacy laws that do business with your company.

3. Create a Customer Response Process

By January 1, 2020, CCPA requires companies to answer customer inquiries about their personal data. To be able to respond to these inquiries, your company should develop procedures for processing these requests. These inquiries might include:

• How can I get a copy of my personal information?
• How can I get my personal information deleted? and
• What parts of my personal information are being sold?

4. Update Your Website with a Privacy Homepage

This page should contain your updated privacy disclosures that inform clients of the personal information that you collect. Provide advisory information on what point during the interaction you will start collecting information during your interchange. Advise your customers on what information you are collecting and what purpose you plan to use this information.

Your privacy page should also advise viewers on what type of third parties you plan to share their data with. Be sure to have a way for viewers to choose not to have their personal information sold. You can handle this with a clearly marked privacy link or button that reads “Don’t Sell My Information.”

Next Steps

Feel like you are more informed on some of these CCPA compliance challenges ahead? Make no mistake, there are many changes waiting for you. Just be confident that you have a team of able in-house professionals who can help you comply with these new terms.

If you’re ready to start your compliance efforts, call your team together. Purchase a new enterprise management system to start your data collection efforts. Revise your company website to outline your privacy disclosures as well as your “Don’t Sell My Information” button.

Don’t forget to check our website for more helpful information on privacy rights management. We can help safeguard your customer's privacy rights without overburdening you!

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

New privacy platform offering to support fast CCPA compliance ahead of January 1st deadline

This was originally posted on PR Newswire here. IntraEdge, a technology development company announced today the CCPA QuickStart version of Truyo, a pr...

Data Privacy News Roundup: Top Stories That'll Impact US Businesses

Data privacy is constantly in the news these days, and for good reason.  We're all connected to social media outlets with regularity, and anytime you ...

Prepare for CCPA Now: New Signed Laws and Proposed Regulations

The Governor of California signed 6 amendments into law for the CCPA on Friday, October 11th, prior to the full draft legislative changes scheduled fo...

7 Things to Remember When Responding to a Data Subject Access Request

The landscape of data compliance is one of the most rapidly changing and important areas of business right now. Web 2.0 has changed the internet and h...