Running a small business can be stressful. Trust me, when I started Red Clover Advisors, I felt overwhelmed by day-to-day operational challenges, building our client base, and ensuring that we were providing top-notch advice and service. Regardless of your industry, being a small business owner means you wear a lot of hats and there are certain areas in which you just don’t have expertise.
Perhaps the CCPA regulations that take effect on January 1, 2020 are one of those items that have piled onto your stress list. Don’t worry! Here are five simple steps to CCPA compliance success for small business owners that I think will really help you navigate the process.
- Data is king. If you do not know what customer data you have or understand its implications, it is nearly impossible to comply with the CCPA regulations. The key here is that under the CCPA, data you collect qualifies as personal information. You should start the data mapping process now, if you have not already. Here are some questions to consider when you undergo data mapping:
- Where do you host your data (including with any third parties)?
- For what purpose is the data you collect used?
- Do you collect and sell data on children?
- Notify, notify, notify. You can no longer tell a customer once that you are collecting their information. Under the CCPA, you must provide four different notices and update them appropriately. These include, notice of collection of personal information, customer opt-out rights, financial incentive notice, and your business’ privacy policy. While the CCPA regulations may sound like legal jargon to you, it is important that your notices are consumer friendly. Here are some questions to consider when creating or reviewing your notices:
- Are your notices easy for anyone to understand?
- Do the notices detail the data you collect such as the sources of information or categories of personal information collected?
- Do they provide information regarding what your business plans to do with the information collected?
- Are they designed to grab a customer’s attention? What about individuals with disabilities?
- Do you do business in another country or with those who speak a language other than English? If so, is each notice available in that language?
- Consumer-Centric. You need to have a plan for individual’s rights, which includes being accessible for consumer requests, verification of data, and opt-out options. Under the CCPA, you must explain what you plan to do with the data you collect and provide two ways for customers to contact you regarding said data. Here are some questions to consider when developing your plan:
- Do you have methods for contact in place? For nearly all businesses, one of these methods must be a toll-free phone number; is it set up? Many businesses also opt for an electronic method; is this right for your business?
- Do you have a system to ensure timely responses to consumer requests? This can be hard when you are juggling so many things, but it is very important to be aware of these time constraints and abide by them. Did you know that the CCPA regulations state you have to acknowledge most consumer requests within 10 days? And, that the data verification process has to be complete within 45 days?
- Does your team know how to verify consumer information or what to do in cases that you cannot verify a consumer?
- Do you have an opt-out policy and process in place? And, is it in the CCPA-approved format?
- Train your team.all know that customer service is important and would hate for this to happen, this training goes beyond getting a positive or negative review on social media. Under the CCPA regulations there are new requirements about documentation that anyone who handles consumer requests and data need to be aware of and have proper training regarding the specifics. Here are some questions to consider when creating a training manual:
- Do your employees know they must keep a record the customer requests that your business is receiving?
- Do they know these records must be maintained in a log or ticket format?>
- Do they know that the information maintained in these records cannot be used for any other business purpose?
- Rinse and repeat. Once you have a plan in place and have mapped your data, it is important to keep in mind that this is not a one-time thing. Being responsible for consumer data and staying up to date on state and national regulations is the new norm, not something you can set up once and forget about. Here are some questions to consider as you look ahead:
- How will you integrate the plan for new consumers and their data?
- How will you keep up with adjustments to the regulations?
- How will compliance be maintained on an ongoing basis?
We hope this was a helpful resource. But, if you still have questions, please schedule a free call with us. Red Clover Advisors would love to help you navigate this process and make your life a little less stressful.