As you already know, the CCPA is the newest and biggest legal framework for privacy in the State of California. Businesses that handle personal data in any capacity are scrambling to avoid the many CCPA compliance penalties. Who’d want to be hit by an avoidable $7,500 sanction for every single infringement, anyway?
To avoid these penalties when enforcement begins by July 1, 2020, businesses must apply the CCPA’s regulatory compliance best practices to their respective business models and operations.
Before delving into the best practices, note that CCPA regulatory compliance is binding on companies that:
- directly or indirectly receive personal information from California residents, and generate more than $25 million annually in revenue;
- annually receive the personal information of 50,000 or more California residents, devices, or households (directly or indirectly), or get at least 50% of revenue from the sale of personal information about California residents.
CCPA Best Practices
The tasks ahead for CPOs and DPOs include the development of key policies, adoption of evaluation tools, implementation of comprehensive compliance plans, and many more. Corporate privacy compliance leaders can adopt the following best practices:
- Transparency in Data Policy Languages: Businesses have to shore up the privacy notices that pop up when consumers want to use their products or services, describing how the CCPA affects data accumulation and users’ privacy options, how users’ rights are related to privacy protection, and how those rights differ from pre-CCPA rights.
- Looping-in Data Processors: The CCPA now requires businesses to report consumer data deletion requests to their service providers. This means that businesses must actively partner with Customer Relationship Management (CRM) service providers in fulfilling CCPA provisions, including privacy protection processes and mechanisms.
- Fulfillment of Data Requests: Under the CCPA, consumers have the right to request their private data from a business organization and obtain it within 45 days. Users can also request the deletion of their data. To facilitate compliance with these requests, organizations need to review how they respond to data requests, address gaps, and perhaps automate the process.
The bottom line is that businesses need to be creative and open-minded in their drive to be CCPA compliant. It’d save everyone resources spent on enforcement.