The California Consumer Privacy Act (CCPA), passed in June 2018, will affect the majority of businesses when it comes into effect on January 1, 2020. The law dictates that California consumers have the right to access any or all of the personal data a company holds about them, and can request that the company delete it and not sell it. Businesses with an annual turnover of $25 million or more are required to comply with this law. With CCPA in effect, businesses will be required to disclose their consumer data collection practices and to share a report with consumers on how much data they hold and what they have shared with others.
As businesses scramble to meet the deadline and comply with the law by January 1, 2020, the cost of compliance is also growing exponentially. Companies that do not comply with CCPA will be subject to lawsuits and might face significant fines. Companies that have no physical presence in California but do have an online presence must also comply with CCPA. The law was proposed last summer, and businesses took a skeptical approach while it was being drafted, which delayed the actions needed to ensure they are CCPA compliant. The law can be broken down into the following points:
- Businesses must communicate to consumers the reason for collecting their personal information.
- Consumers have the right to know what information is being collected by the business, the source of that information, how the information is used, and with whom it will be shared.
- Consumers can ask businesses not to share their personal information with other entities.
- Consumers can ask businesses to delete all the information they have about them.
- Businesses can’t charge consumers different prices or refuse them any services for exercising their privacy rights.
Steps to be CCPA Compliant
Businesses that are already GDPR compliant won’t face much of an issue in becoming CCPA compliant. Businesses that aren’t have a pretty tough task ahead. Below are some of the key steps to becoming CCPA compliant:
- Businesses have to update their privacy policies, adding a description of the new consumer rights under CCPA.
- Businesses will have to maintain their databases to track their data processing activities, their business processes, and how they use consumers’ personal information.
- Businesses have to ensure that consumer rights such as the Right to Notice, Right to Access, Right to Delete, and Right to Opt-out are met.
- Businesses should make proper security updates in order to protect the personal information of consumers. Data breaches and cyber attacks in the recent past have resulted in the loss of huge amounts of consumers’ personal data and in significant fines being levied on businesses.
- Businesses whose data is processed by other companies have to update their third-party agreements, with proper assessment and auditing, to be CCPA compliant.
ConfidentG Compliance Management application is an agile and intuitive platform that continuously monitors and reports on all activities in order to help you meet the stringent requirements of being compliant with the latest privacy regulations. It is designed to help you address all of your Governance, Risk and Compliance challenges with ease and speed.
Stay tuned for more informative posts on Cyber, Risk and Compliance Governance. Visit our AppExchange listing today at https://cglabs.us/cg_products and get confident with your Governance initiatives.