8 Steps to CCPA Compliance
CCPA is the most comprehensive general data privacy bill of its kind to pass in the United States at a state level. It stipulates significantly more transparency for companies and is the toughest privacy law in the U.S. If you’re already complying with GDPR, you still have work to do, but you have a head start!
Download the 8 Steps PDF by entering your details below!
8 Steps to CCPA Compliance
1. Start Now
2. Collaborate with your team, and come up with a plan of attack.
Identify the resources needed (such as software tools, attorneys, and consultants)required to help with compliance.
Establish and/or review privacy training. As employees move between roles, it will be imperative to train employees and create a standard operating procedure for honoring individual rights.
3. Get to know your data.
4. Understand (and create processes to handle) the individual rights of disclosure, access, and deletion.
5. Create a clear path and process for an individual to opt out of selling personal information.
Individual rights are a key aspect of CCPA.
An individual also has the right to opt out from the sale* of personal information. Businesses selling PI will need to put controls in place to manage the opt-out requests and also a process to capture subsequent authorization if the consumer changes their mind. One of the controls CCPA mandates is that businesses create a separate “Do Not Sell My Personal Information” webpage with an obvious path from their homepage that directs consumers to opt out of the sale of their personal information.
*Selling is broadly defined under the CCPA: “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
6. Establish and/or strengthen security measures.
7. Update Privacy Notices
Transparency is critical under CCPA.
Update your privacy notices to specifically state what data is collected, explain the purpose for the data’s use, identify third parties with which that data is shared, and communicate the rights available to an individual about their personal data.
8. Prepare for the future of privacy laws and regulations.
We believe privacy is just good business.
© 2019 Red Clover Advisors, LLC
The materials available at this web site are for informational purposes only and not for the purpose of providing legal advice. Red Clover Advisors, LLC is not a law firm and if you need legal advice, please contact an attorney who is competent to provide appropriate legal advice with respect to your specific problem. The ideas or opinions expressed on this website are the opinions of the specified author and do not necessarily reflect the opinion of the company.