CCPA Compliance | NAVEX Global

What is the CCPA?

Going into effect on the first day of 2020, the California Consumer Privacy Act (CCPA) brings a new host of requirements for companies in scope doing business in the Golden State – not just based in the state. The privacy act aims to give California residents more control over how companies collect and use their personally identifiable information (PII) by granting residents certain rights to see and control the PII that companies collect about them. Companies subject to the CCPA must comply with the data privacy law by creating mechanisms that allow California residents to exercise those rights. Under the CCPA, California consumers may request to:

• Learn what personal information is being collected and why

• Have their personal information deleted

• Obtain information about onward disclosures and, if applicable, the “selling” of their personal information

• Learn the categories of third parties with whom their data is shared, as well as from whom their data was acquired

Enforcement and litigation risks for non-compliance could be severe. The CCPA allows the state to seek civil monetary penalties for each infraction, and it also allows consumers to file their own civil litigation seeking damages arising from certain personal information breaches.

Get Started Today

What you need to comply with the California Consumer Privacy Act

Clear Policies

Development and disclosure of privacy policies to align with CCPA compliance

Intake Systems

Mechanisms to allow consumers to submit data subject requests

Data Map

The company should identify PII it collects about California residents, how that data is processed, and where the data resides

Training

Employees must be trained on the company’s responsibilities under the data privacy law on how to handle consumer inquiries

Third-Party Risk Assessment

Processes to research and vet third parties that handle consumers’ PII on the company’s behalf

Breach Response Plan

Protocol to disclose a breach once discovered, or to investigate allegations of a breach brought to the company’s attention.

Steps You Can Take to Ensure Your CCPA Compliance Moves Forward

Step 1: Make sure your policies and procedure management program remains in alignment with California’s data privacy law as it evolves.

Step 2: Offer multiple methods for consumers to submit data subject requests, including a toll-free telephone number and a web-based method.

Step 3: Train employees on how the CCPA applies to their duties to ensure all individuals responsible for handling consumer inquiries understand how to comply with your organization's privacy policies and procedures.

Step 4: Perform a risk assessment on third parties you share data with and service providers that handle PII on your company’s behalf. Confirm that your policies and procedures for working with those third parties and service providers address CCPA compliance issues.