In recent years, businesses have seen mounting pressure to increase their customer privacy and data security efforts. The GDPR (General Data Protection Regulation) was, perhaps, the first of many global privacy regulations introduced to force businesses to increase their level of personal data security while holding the organizations that handle this type of sensitive data accountable. More recently, California was the first state to set privacy regulations. Now, any company that hosts data pertaining to California residents must comply with this new regulation.
What is the CCPA?
On January 1, 2020, the California Consumer Protection Act (CCPA) went into effect as a landmark piece of legislation with the goal of protecting the personal data of California residents. The CCPA is similar to the GDPR in that it is designed to give Californians more control over that data, and its impact reaches beyond California's borders. The CCPA applies to any organization (regardless of location) that handles the data of California residents.
The CCPA provides Californians with important new rights to:
Know what personal information is being collected about them
Know if their personal information is shared or sold and to whom
Access their personal information
Refuse the sale of their personal information
Receive equal price and service, regardless of whether they exercise their privacy rights
Which Companies Must Comply with the CCPA?
The CCPA applies to for-profit businesses that:
Receive, process, or transfer data from more than 50,000 Californians annually
Exceed gross revenue of $25 million annually, or
Acquire at least 50% of their annual revenue from the sale of data that belongs to Californians
CCPA Checklist for Compliance
The following list represents ten critical steps to get your organization ready to meet CCPA compliance guidelines.
Using the guidelines above, check to determine whether the CCPA applies to your business
Collect and review the personal data your business handles to help determine how you will apply the CCPA regulations
Implement processes that will execute data access and deletion requests
Perform an assessment regarding how you are currently sending personal information to other organizations. Know when consumers can choose to “opt out” of these information shares.
Review how you are currently sharing personal information with affiliates. Some affiliate disclosures may actually be sales and require an opportunity for a consumer “opt out”
Review contracts and ensure that public disclosures are up to date
Set processes to modify services for residents who choose to exercise their rights
Determine whether your business handles personal data from those who are under 15 years of age and follow the CCPA guidelines accordingly
Examine your data security procedures and minimize your liability exposure
Keep current on CCPA changes and developments
Employee Training for CCPA Compliance
Under the CCPA, businesses must train their employees on key sections of the regulation, particularly on how consumers can be directed to exercise the rights they are granted. To accomplish this, employees must be educated on:
The consumer’s right to request that the business disclose what information they are collecting and why
The consumer’s right to know about the sharing and sale of personal information
The injunction against any company discriminating against those consumers who choose to exercise their CCPA privacy rights
The company’s responsibility for policy disclosure and the rules that regulate its process for responding to consumer requests
LMS Portals for CCPA Employee Training
LMS Portals provides a powerful, SaaS-based platform that allows our clients to launch and manage their own corporate-branded eLearning portals for CCPA employee training. Our system allows for fast and easy development and delivery of CCPA eLearning courses and includes robust supporting tools for employee onboarding, messaging, knowledge management, analytics, and more.