Who doesn’t like a checklist? It helps ensure you’ve got all the details covered. To aid your CCPA regulatory compliance in readiness for January 2020, we have put together this checklist.
Is Your Business Affected?
This is the first thing you want to tick off your checklist. After all, if your business is not affected, you have no business making your business compliant. That said, your business will most likely be affected when you consider that California accounts for 12% of the US population and hosts several of the world’s largest tech companies.
Update Privacy Policy
After determining that your business is affected, your first line of action should be to update your privacy policy to be CCPA compliant.
Data Governance
How is the data collected? Who manages the collected data? What categories of data are collected? For what purposes is the collected data used? Answering these questions will produce a data map, record or inventory that helps businesses pinpoint where their obligations arise and how to meet them.
Create Consumer Accessibility Options
Provide several options through which consumers can contact you whenever they wish to exercise their rights, such as a request for access or deletion. Examples include a toll-free number, email and even in-person meetings at your business offices. We have two posts on consumer rights under the CCPA on this blog.
Incorporate an Identity Verification System
This is essential both for consumer data protection and access. It will also help in automating certain rights and requests. A consumer who can verify their ownership of data can also proceed to exercise their rights, for example the right to deletion, on their own.
Installing an Opt-Out or Opt-In Button
Let consumers decide if they want their data sold to third parties by giving them this button. Moreover, this helps you reduce the notices that need to be sent during a sale. This consent button especially applies to minors: those below 13 give consent through their parents, while those aged 13-16 must give direct consent.
Determine Whether Management of Consumer Data Involving Third Parties Amounts to ‘Sale’
The definition of sale under the CCPA is a broad one. All third-party relations will need to be assessed.
Implement Training Programs
It is famously said that humans are the weakest links in the chain of security and protection. Equipping staff, including those who do not handle consumers’ data, with the requisite knowledge will go a long way in ensuring compliance at, during and after the collection of data.