Much like with GDPR, CCPA may not be among the aspects you're most eager to dive into when it comes to your business. Getting ahead of the game, however, will not only save you the unnecessary stress, and higher price points, that come with scraping it together at the last minute, it can also easily become your competitive advantage if you start early.
If your business collects personal data on California residents, there are some adjustments you may need to make in how this is done. This article will walk you through a few reasons why it's better to start planning for it now.
1. You'll know now what data you collect, where you store it, how you use it, where you share it.
Under CCPA, you'll need to create a privacy notice for your business and you won't be able to do this if you don't know what data you are collecting and where you're storing it. This is also an important part of managing your obligations under individual rights.
Consumers will now have the ability to bring what's called a right of action against a company if they allegedly fail to “implement and maintain reasonable security procedures and practices” and it results in a data breach. In some instances, a user might even be able to sue the company.
By performing a data inventory, it will help you decide what you no longer need and get rid of it. Repetitive operations that are costing you money that could be better used elsewhere? Gone. Likewise, you may discover data you didn't even realize you had, and be inspired by it in ways you never could have imagined. Think privacy and innovation aren't inextricably connected? Think again.
The value of data cannot be underestimated—and you cannot comply with the laws or use it to your advantage in your business without understanding yours.
2. You'll know what changes you need to make if you sell data.
In order to keep selling data in California under CCPA, you'll need to put a button or link on your site in an obvious place titled “Do Not Sell My Personal Information” so visitors are able to opt out of the sale of their data. Once this is in place and someone enters their information, you'll also need to know exactly what happens to it next to make sure it is stays separate from those who don't opt out. The sale of data will need to be built on an individual level now, or you'll need to adjust your current process so it functions in under these new parameters.
The bottom line is you won't know what you need to change until you have all the information in front of you to analyze. Even if you decide, in the end, the cost isn't worth it to keep selling data, there is still work you'll need to do in order to close the process down before the law goes into effect.
3. You'll have plenty of time to educate your workforce which is essential to compliance.
Privacy needs to be an integral part of how you project and operate your entire business, if it wasn't already.
Your product and marketing personnel, and anyone else who handles data, need to know what the privacy notice says, and know how this actually applies within your day to day operations. Everyone is a steward of data—and you won't be able to manage any of the individual rights properly if your staff is conflicted on how that even works.
Without the same basic understanding of the privacy changes, regardless of position, you run the risk of someone making an uninformed decision that could lead to a costly breach.
4. You can announce compliance ahead of your competitors.
Privacy is a differentiator. Many well-known and highly respected brands have created pages on their websites announcing how they're handling and managing privacy before anyone has to ask. Apple is a notable example. They went above and beyond what was required to be compliant and created a separate page dedicated to explaining how they thought through privacy and specifically worked it into their hardware and software in the design phase.
If you're forward thinking and openly address potential concerns with your customers before they arise, you will stand out from all your competitors who can't be bothered.
Customers will appreciate your transparency. A bolder approach that shows people you value them more than the data they give you. Wouldn't you prefer to handle privacy in the same way as some of the world's most trusted brands?
5. You can begin budgeting for it now.
Understanding exactly what you need to do now will give you time to gather the funds you need to make the necessary changes. The last thing you want to do is be figuring this out right before the deadline, which is next year's holiday season.
A few questions you may want to consider to determine your budget:
1. Who do I need to help me figure this out?
2. How much time do I need internally?
3. Do I need to adjust internal resources?
4. Which software do I need? How much time will I need to consider my options so I pick the right one and don't make any rash decisions?
5. How many people do I need to train on this?
Wondering how solid your privacy program really is? Or could it be, if you're honest, you're not sure you have one at all? Schedule your complimentary evaluation today and wherever you're at, we'll get you where you need to be.