As of January 1, 2020, the California Consumer Privacy Act (CCPA) is in effect. This means that California residents have new data privacy rights – forcing businesses in California to implement structural changes to their privacy programs. Two of the biggest challenges that businesses face when it comes to CCPA compliance is a lack of time and bandwidth.
As a result, many businesses are working to replace spreadsheets and traditional risk management solutions with modern data automation technology and power research portals that are purpose-built to solve these challenges at scale.
What is the CCPA?
The CCPA is the first privacy law of its kind in the United States. The law aims to protect California consumers’ personal information. To safeguard consumer privacy, the CCPA requires businesses to provide consumers with as much information as possible about the ways in which their personal information is collected and used. The law also grants consumers certain rights to give them more control over how their data is used and sold. Specifically, the CCPA requires businesses to explain to consumers what personal information they are collecting and their business purpose(s), gives consumers the right to say ‘no’ to the sale of their personal information, and allows consumers to request businesses to delete their personal information.
The first step to take toward a CCPA-compliant privacy program is to understand the law. At a high level, California consumers-defined as natural persons residing in California—enjoy several rights with respect to their personal information collected and/or sold by businesses. The CCPA applies to businesses that meet certain threshold criteria, such as those that operate in California, collect consumers’ personal information, determine the purposes and means of the data processing, and have annual gross revenues exceeding $25,000,000. Moreover, the law broadly defines personal information to encompass information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be link, directly or indirectly, with a particular consumer or household.
Once you know how the law will impact your business, you will be better able to determine a strategy to operationalize CCPA compliance and begin building a privacy program that works for your specific business needs. Many businesses adopt an incremental approach to implementation starting with a strong foundation to support compliance throughout the life of a privacy program.
To learn more, download the whitepaper: Getting Started: 5 Steps to Start Your CCPA Compliance Privacy Program. This whitepaper provides practical steps you can take now to prepare the CCPA and leverage the new law as a stepping stone to build a global privacy program.