The California Consumer Privacy Act (CCPA) was enacted in June 2018 and went into effect in January 2020. As the name suggests, this legislation seeks to safeguard consumers’ data. If your company does business in California, collects personal data from at least 50,000 customers, and earns more than $25 million annually, this legislation applies to you. Likewise, businesses that make more than 50% of their revenue from trading customers’ personal data are also regulated by the CCPA.
1. Consumers’ Right to Access Data
Since the CCPA went into effect, you are required to grant customers access to their personal data that is in your possession. Gone are the days when consumers were in the dark concerning the data collected from them and how it was used. Businesses were required to meet this requirement by the time the CCPA went into effect to avoid the possibility of facing huge fines.
2. Consumers’ Right to Stop the Use of Their Personal Data
The CCPA requires businesses to provide their customers with the choice of opting out from the use of their personal data. A company breaches the legislation if it sells its customers’ personal data when they are opposed to that. Therefore, companies may experience more difficulties in collecting consumers’ personal information. Likewise, businesses will have to acquire the personal data of prospective customers through direct interactions rather than purchasing it from other sources.
At first, this might prove to be a challenge to businesses, but in the long run, it will be beneficial. Companies will benefit from high-quality data collected directly from prospective customers. As a result, they will be able to engage in more intelligent and pragmatic marketing strategies since they will have first-hand and unadulterated customer data in their possession.
3. Consumers’ Right to Sue Businesses that Lose Their Personal Data
One consequential effect of the CCPA on businesses is that it gives customers the right to sue companies that misuse or lose their personal data to hackers. Therefore, you will need to step up your data security framework so that it becomes harder for hackers to access customer data.
How to Become CCPA-Compliant
Even though the CCPA is already in effect, companies are still scrambling to meet most of its requirements. For you to become compliant and avoid hefty penalties in the process, here’s what you need to do.
Understand How the CCPA Impacts Your Company
The CCPA protects all natural persons who reside in California, rather than “legal persons.” It stipulates that consumers in the state have the right to know what information is collected from them by companies, and how that information is used. To ensure that you are compliant, you should first understand if and how the law affects you. This will help you to map the consumer data that you collect.
Streamline Your Privacy Disclosures
When the GDPR was enacted, businesses across the world started including comprehensive data privacy policies and disclosures on their websites, informing visitors about the data collection procedures in place. The CCPA also requires similar actions. Therefore, if you are under its jurisdiction, you are required to provide disclosures about your points of data collection. Some of the specific points that you must mention include:
- The categories of personal data that your company collects from its customers
- The specific pieces of information that you collect
- Where the information is gathered from
- Third parties that you share the information with
- The purpose of collecting that information
The disclosure ought to be posted in a public location on your website, and updated regularly.
Update Your Systems and Software
To meet all CCPA requirements, your organization must update its computer systems and software. Since completing and implementing internal updates could take months, it would be best if you went ahead to issue all the necessary IT change requests immediately. This also applies to the recording of new procedures. You should note them down and store them in a shareable and accessible location.
Train Your Staff
Employees ought to be aware of all CCPA requirements. You can only create awareness by organizing regular training sessions. It would be best if you mainly focused on employees who hold public-facing roles. Employee training sessions ought to cover these crucial aspects of the CCPA:
- What the legislation entails, and how your company fits into it
- Whether the CCPA applies only to your California customers or your entire footprint
- How the law defines consumers (as residents of California)
- How to process and handle customers’ inquiries about their data
Protect Yourself Against Data Breaches
California consumers are allowed to take legal action against your company if a data breach hits you and leads to the loss of their personal data. Often, such breaches result from your inability to establish and maintain robust data security practices and procedures. When lawsuits are brought against you, they can lead to hefty fines, loss of business, and reputation loss.
To ensure that your business remains CCPA-compliant, you should continually strengthen your data security framework and policies. Review the strategies that you currently have in place so that you pinpoint and mitigate any risks therein. Moreover, consider investing in a privacy rights management platform if you don’t have one in place. This will go a long way in helping you to safeguard customer data.
CCPA Non-Compliance Penalties
CCPA non-compliance can lead to hefty penalties. These penalties are divided into two broad categories — data breaches and regulatory violations. A lawsuit for CCPA violations can be brought against you by the California Attorney General or private consumers. Each violation can attract penalties of up to $2,500. This may increase to $7,500 for every ‘intentional’ violation. Furthermore, violations may be determined on a per-capita basis (number of consumers and your company’s scale of operations).
Just as is the case with data privacy legislation such as COPPA, the time needed to achieve compliance is crucial. Since the CCPA is already in effect, you stand to get penalized if you are yet to adopt it. If you are yet to become compliant, you should consider automating the compliance processes. This will help you sidestep weeks of tedious and error-prone manual processes. Besides, the documentation that you get from automation provides accurate proof of compliance during auditing.
The California Consumer Privacy Act (CCPA) is one of the most prominent pieces of legislation that applies to businesses that operate and collect data from consumers in the state. It empowers consumers to control how you receive, process, and use their personal information, besides defining what personal information means. Contrary to what you might think, the legislation protects both you and your consumers, thus the need to ensure that your business ticks all boxes in the CCPA compliance checklist.