
Addressing CCPA as a Small Business

2/26/2020

Many for-profit organizations and companies doing business with Californians or in California must comply with the newly introduced California Consumer Privacy Act of 2018 (or simply CCPA). The act took effect on January 1, 2020.

CCPA will affect companies and organizations that fit one or more of the criteria below:

  • Have annual gross revenues exceeding $25 million
  • Receive, share, buy, or sell the personal information of 50,000 or more California consumers, devices, or households
  • Derive half of their annual revenue from the sale of information of Californian residents
  • Control or are controlled by entities that meet one or more of the criteria above and share a brand with them.

While enforcement by the attorney general’s office does not start until July 1, 2020 (due to a six-month grace period), it’s best to start CCPA compliance preparation early. Besides, there is at least one aspect of the CCPA that you must comply with by January 1, 2020: the consumers’ right to request any or all of their information stored in your databases.

What Is CCPA?

CCPA stands for the California Consumer Privacy Act of 2018. It’s the U.S.’s most stringent and comprehensive data privacy law. The state of California enacted the bill (AB 375) in June 2018 and later amended it (SB 1121) the following September.

CCPA gives Californians unprecedented powers to restrict the use of, delete, or view the data that for-profit organizations collect about them. They also have the right to sue should a data breach compromise their personal information.

CCPA does not replace any of California’s existing data protection laws, including:

  • The Privacy Rights for California Minors in the Digital World Act
  • The California Online Privacy Protection Act (CalOPPA)
  • The Shine the Light Act

CCPA requires companies to provide CCPA training to all employees who handle customer data and to train them on how to assist consumers in exercising their rights.

CCPA gives Californians the right to do the following:

  • View any of their data collected and stored by businesses
  • Know why companies collect and store their data
  • Know with whom and why companies share or sell their data
  • Have companies delete their data on demand

If personal data is compromised, the affected consumers can file a civil suit through their “Private Right of Action.” The state’s Attorney General can also fine businesses up to $7,500 per intentional violation or $2,500 per violation.

How To Address CCPA As A Company

1 - Understand the Law and Its Requirements

Learn the CCPA and its thresholds to determine the extent to which it applies to your company. Beyond these thresholds, the law contains data-specific exceptions and exemptions that may narrow your compliance scope. Conversely, it has a broad definition of personal information that may increase the scope. Include an overview of all the frameworks you comply with, and pay attention to overlapping requirements.

2 - Convene a CCPA Team

CCPA is a complex law that is best addressed by a team of compliance and risk professionals, HR leaders, legal staff, IT staff, as well as security and privacy experts. If you wish, you can go a step further and enlist a data protection officer who will oversee compliance.

3 - Map Your Data and Its Flow

It’s essential to know where your information comes from, where it goes, and what form it takes. You must understand all your data assets before you achieve CCPA compliance or reply to consumer requests for access and deletion of their personal information.

4 - Review and Update Your Notices and Privacy Policies

The CCPA requires all affected organizations to provide Californian consumers with clear and specific privacy statements that indicate how they plan to use their data and why.

5 - Assess the Compliance of Your Third Parties

If any of your third-party data recipients, business partners, or vendors are not CCPA compliant, you could be affected. In short, the compliance of your third parties will help ensure yours as well.

6 - Establish CCPA Employee Training

Train all of your staff who will deal with consumers when addressing their CCPA concerns and requests.

7 - Consult Your Legal Team

CCPA is a complex law, and it contains errors, uncertainties, and inconsistencies that are best addressed by your legal counsel. Your attorney will also explain the law’s implications for your operations.

8 - Make a Compliance Checklist

The following checklist will help your CCPA compliance efforts:
  • Categorize and tag all your data on Californian residents to quickly comply with their requests
  • Update your website’s privacy policy disclosure
  • Put in place a process for quick data access and deletion
  • Have an updated audit trail and document everything you do to safeguard consumer data
  • Have an effective incident response plan

The Bottom Line

As businesses rush to comply with the CCPA, do not be left behind. Irrespective of your size, find out the scope of the new consumer data protection law to see whether or not it applies to you. If it does, you need to address it as a business by convening a CCPA team, mapping your data and its flow, reviewing your privacy policies, reviewing the compliance of your third parties, training your employees, and coming up with a comprehensive compliance checklist.



    Author: Brad Egeland

    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author. He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide. If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/mentoring? Contact him.
