On January 1, 2020, the California Consumer Privacy Act (CCPA) becomes effective. Many companies that do business with Californians will have to be prepared to meet the requirements of the CCPA to avoid fines and potential lawsuits, since the CCPA provides protection for consumers' personal information.
Meeting compliance requirements is nothing new for most companies, but data privacy regulations are growing in number and the details of each can be daunting. That is why we're sharing a simplified checklist. It lets you get started with the essentials of the CCPA while also getting ahead of other data privacy regulations that are likely to follow, or that are already in force, like the GDPR.
In fact, the first thing you can do to gauge your CCPA compliance readiness is to compare it with what you've already done for the GDPR, since the CCPA is similar (it has actually been deemed even stricter than the GDPR). Some of the commonalities between the two include:
- Principles of transparency regarding the individual's right to access their data and to request deletion of their personal data.
- A requirement for security, so that you take the measures needed to protect consumer data.
- Potentially substantial penalties for noncompliance, with one major difference: CCPA fines have no capped maximum (while the GDPR caps fines at not more than 4% of a company's annual revenue).
Some of the differences between the two regulations are which organizations and individuals are covered, how personal data is defined, and the individual rights to access, correct, and delete data.
Now for the simplified checklist. Here is what you want to share with your IT team and with those who manage data privacy and your compliance program:
- Ensure security and privacy by design and by default, everywhere you house consumer data, including third-party services such as cloud providers.
- Locate, identify and classify personal data, so that you can show you know where it is and can find it readily when deletion, modification, and/or access is requested.
- Set up tracking of personal data via audit trails to demonstrate compliance.
- Have response capabilities in place to fulfil individual requests for access, correction, deletion and/or transfer of personal data, backed by audit trails that help you prove compliance.
- Implement security controls according to risk, including vulnerability assessments, access controls, activity monitoring, and encryption.
- Have measures in place to effectively prepare for and respond to a breach if one happens.
Hopefully this helps you know exactly what you and your IT team can do to make the deadline, or to prepare now if you are already required to meet CCPA compliance requirements.
For additional details on the CCPA, you can refer back to our first article on it, written when the proposed bill became law.
To schedule a free compliance consultation if you need assistance, contact us.
Your business success is important to us, and when it comes to cybersecurity, managing cyber risk is just as important as meeting compliance regulations.
Give us a call to talk about the cyber risks you are most worried about.
Photo courtesy of docstockmedia