Challenges Managing CCPA Compliance
The California Consumer Privacy Act (CCPA) has introduced a new host of requirements for companies doing business in the Golden State, even if they’re not based in California. The privacy act is intended to give California residents more control over how companies collect and use their personally identifiable information (PII) by granting them rights to view and control the PII that companies collect about them, similar to the goal of GDPR in the E.U. Companies subject to the CCPA must comply with the data privacy law by creating mechanisms that allow California residents to exercise those rights.
Under the CCPA, California consumers may request to:
- Learn what personal information is being collected and why
- Have their personal information deleted
- Obtain information about onward disclosures and any reselling of their personal information
Risks from regulatory non-compliance and litigation can be severe. The CCPA allows the state to seek civil monetary penalties for each infraction, and consumers can file their own civil litigation seeking damages arising from personal information breaches. Compliance requires organisations to have effective risk management practices.
Unfortunately, there is still a lot of uncertainty around how to systematise and comply with the CCPA in a way that aligns with the organisation’s other compliance efforts.
Get Started Today