By MatrixPoint


Find out how to avoid major fines by becoming CCPA compliant as quickly as possible with MatrixPoint.

With a maximum penalty of $7,500 per offense, failure to comply with the CCPA can quickly become quite costly, so it’s important for all businesses to become CCPA compliant as soon as possible to avoid any potential fines, fees or penalties.

The CCPA applies to businesses pulling in $25 million or more a year in revenue, managing records of more than 50,000 consumers, or generating half of their earnings by selling consumer data. If any of these conditions apply to your business, then CCPA compliance will be essential to protecting it from being hit with massive fines, fees and penalties.

 

Is There A Shortcut To CCPA Compliance?

In a word: no. Because the CCPA requires such a complicated response, there really aren’t any shortcuts to getting compliant with the new regulations.

With that said, the first step to getting compliant is understanding what exactly the CCPA requires your business to do, and the fastest way to figure that out would be to get assistance from a data compliance expert who specializes in the CCPA.

For help in getting your business CCPA compliant quickly, contact MatrixPoint for a free consultation by calling 800-683-6983 or filling out our contact form.

 

How Can I Make the CCPA Compliance Process More Efficient?

Data mapping is an important part of the CCPA compliance process. It is not directly required by the CCPA, but organizing your consumer data will make the compliance process far more efficient. Data mapping is the process of organizing and categorizing what type of information you collect, where you store it and what you do with it.

To ensure efficient and quick CCPA compliance, businesses should have all of their legally required information readily available upon request. This can be done in several ways, but appointing a specific employee or team of employees to be in charge of this process is a common solution.

Most companies will need to assign an employee or a department to be responsible for organizing access to all of the collected consumer information, understanding and being able to explain data use policies, and identifying if and how any 3rd party service providers are getting access to consumer data, as CCPA regulations require that your company is capable of clearly explaining all of these processes to any consumer who requests the information.

 

Can I Just Update My Privacy Policy?

While your privacy policy should be updated to reflect changes required by the CCPA, these updates alone are not enough to become CCPA compliant. The privacy policy itself is only a small part of the compliance process, so simply updating it will not provide you with proper coverage from CCPA fines, fees and penalties.

The updates to your privacy policy should include a clear breakdown of what categories of consumer information are being collected, what that information is being used for, which 3rd parties the information will be shared with, and it needs to include clear statements about how consumers can request access to their personal details that you have collected.

That last bit is perhaps the most important update to deploy, because the CCPA is all about offering consumers better protection of their data, and if your privacy policy doesn’t include a clear process for finding out what specific information you have on CA consumers, then your company will be found in breach of CCPA guidelines.

But remember, just updating the privacy policy isn’t going to be enough to get you compliant with the new CCPA guidelines, because you’ll also need to have systems in place that are ready to respond to any consumer requests for information!

 

CCPA Compliance Checklist

CCPA compliance guidelines may be complicated, but there are several clear steps that your company can take to start moving towards compliance quickly, including:

  1. Determining whether your business is affected by the CCPA in the first place. If your business will be affected, then you’ll need to determine whether the personal information that your company has collected is protected by CCPA regulations. This includes name, address, email address, phone number, driver’s license number, network activity, professional information, internet activity and many other types of data.
  2. Taking a thorough inventory of all of the personal data collected from consumers. Having all of this information compiled will make it easy to respond to requests and fulfill CCPA requirements.
  3. Being prepared to provide access to stored information about specific consumers, and to delete that information when requested to do so. To be compliant with the CCPA, you must acknowledge, respond to and follow through with these requests in a timely manner.
  4. Understanding exactly how your company shares personal information. This includes trading a consumer’s personal information for anything, not just money. Compliance teams will need to be aware of each entity that a business has shared information with. The CCPA requires businesses to provide consumers with details about what information was shared, who it was shared with, and the option of “opting out” of having their personal information shared.
  5. Determining whether your organization is a single business entity or if you have affiliates, and then if you do have affiliates, figuring out what kind of information you are sharing with them. An affiliate or 3rd party under the CCPA refers to any business that is outside the bounds of your own company, its parent company, and subsidiaries. You must provide the consumer with the option to opt out of having their information collected or shared with affiliates and 3rd parties.
  6. Figuring out if you need to update your public disclosures to be compliant with the CCPA. This is very important and requires you to disclose to consumers how the CCPA changes affect them and what their rights are. You’ll need to make it clear that consumers now have a right to request what information you’ve collected about them, whether you’ve shared it with any other entities, and you’ll need to allow them the option of opting out of having it shared again, or deleting it entirely from your database.
  7. While the CCPA strictly prohibits companies from discriminating against customers that choose to exercise their CCPA rights, it does allow businesses to offer customers incentives related to the overall value of the information provided in certain collection practices. Compliance teams should be aware of these incentive opportunities and the specific situations in which they are permitted.
  8. Providing minors with the right to “opt-in” is mandatory. All businesses under CCPA are strictly forbidden from sharing or selling any personal information from minors aged 13 to 16 without express “opt-in” consent from them or from their parents or legal guardian. These practices are regulated by both the CCPA and the Children’s Online Privacy Protection Act, or COPPA, which gives parents control over the privacy of their children on the internet. Your business may already be compliant with COPPA, but that does not necessarily mean it is in line with CCPA.
  9. The CCPA does not lay out strict requirements for data security practices, but a data breach could result in significant fines. As a result, businesses should review data security protocols to ensure that they aren’t going to unintentionally expose consumer privacy data. It is a good business practice to update your security protocols somewhat regularly anyway, so doing so in order to reach compliance is a win-win situation. Even though a data breach may be unintentional, under the CCPA your company will ultimately still be held responsible for any data breaches.
  10. Mitigate your business’s liability exposure. Under the CCPA, businesses have a private right of action. In the event of a data breach, companies are given a 30-day period to work towards fixing the violations before being fined for statutory damages. The CCPA increases liability exposure, so businesses should be aware of this increased financial risk.
  11. Staying up to date on any amendments and updates that may come along with the CCPA. The California Attorney General may issue updates as the legislation continues to be implemented.

Failure to comply with any of the requirements of the CCPA will result in fines, fees, and penalties. To protect your business against these, it will be critical to organize, categorize and examine all of the consumer information that your business collects, stores, or has access to. The requirements of the CCPA shouldn’t necessarily force you to do a total overhaul of your organization, but changes are likely to be necessary.

The easiest way to get CCPA compliant quickly will be to hire a data protection privacy expert who can review your business practices for you and inform you of exactly what needs to be done to ensure compliance with the new regulations.

 

Contact MatrixPoint For Assistance

If your business isn’t prepared to handle CCPA requests, then it may be hit with significant fines, fees, and penalties, so it’s important to pay close attention to the new CCPA regulations and ensure that you have a plan in place for dealing with all these new privacy protection requirements.

For assistance in getting your company CCPA compliant quickly, schedule a free consultation with MatrixPoint.

Call us at 800-683-6983, or simply fill out our contact form.