In today’s technology-ruled world, data protection is more important than ever. The California Consumer Privacy Act helps Californian consumers ensure that businesses are adequately protecting their personal information. While it may seem like an overwhelming task, this CCPA compliance checklist can help you get organized and compliant more quickly than you think.
While the CCPA’s demands for a high level of consumer privacy can get complicated, we’ve broken it down in a manageable, easy-to-understand way. This checklist will get you on your way to compliance.
The California Consumer Privacy Act is a law that provides legal protection for California residents regarding the collection and use of their personal information. It outlines the rights of consumers to opt out of data collection, request information about the collection of their data, and delete that information, if desired.
This law went into effect on January 1st, 2020, and in January 2023 the California Privacy Rights Act took effect. The CPRA is an amendment to the CCPA that expanded requirements and policies related to consumer data collection.
These policies are at the forefront of consumer protection laws in the U.S. and affect a large number of businesses and millions of consumers.
The CCPA requires compliance from any for-profit business that collects user data and meets one of these three circumstances:
Any business serving California residents that fits this description must comply with CCPA requirements. Whether you have a single California client or millions, they are all protected by this act.
There are some exceptions to CCPA regulations. For example, non-profits, insurance agencies, and government agencies are not required to comply. Certain types of data or interactions are exempt, such as publicly available information, information on warranties and recalls, health information, and business-to-business communications.
Compliance depends on understanding consumer rights under the CCPA and CPRA. These are the right to disclosure, the ability to access their information, the right to delete information, the right to opt out, the right to receive fair treatment, the right to notification, and the right to receive privacy policy updates.
Here are the ways you can ensure compliance.
A privacy policy is essential for CCPA compliance. It’s a legal document posted on your website that lets consumers know exactly how your company collects, protects, shares, sells, and uses their personal information.
Your privacy policy must include information on:
By ensuring the presence of these elements in your privacy policy, you’re on your way to being CCPA compliant.
One element on the CCPA compliance checklist is an opt out page. You must have a page where users can request that you do not sell their data. You may not force users to create an account to opt out.
Use this page to explain what you do with the information and what happens when someone opts out, and let the consumer know how to do so. You can make the opt out directly available online, or you may simply provide contact information for customers who wish to opt out.
You should include the link to this page and other opt out information in your privacy policy.
It’s important to note that the CCPA prohibits companies from discriminating against anyone who opts out of data collection or sale. This means not charging a higher price or refusing services to these consumers.
Children 13 to 16 years of age must opt in to having their data sold, and you must obtain the consent of a parent to sell the data of anyone below the age of 13.
While the CCPA may not regulate exactly how you organize your data, it’s essential to keep it in order. This law requires policy updates every year, where you state which types of information you collected the last year. This means you should have records of all your data collection and sales from a year ago.
You should be auditing and reviewing data each year, as well as ensuring that any third parties you work with are also CCPA compliant.
Put systems into place that ensure that whenever a customer opts out or requests their information be deleted, this request is followed through.
Notification is another important part of the CCPA compliance checklist. California law says that businesses must notify users that their data is being collected either before or at the time of collection.
While your privacy policy and opt out pages should cover this requirement, double-check that you have very clear information on how consumers can request or delete their information. California residents get two data access requests free, per company per year, and you must respond to any requests within 45 days.
Our CCPA compliance checklist gives you the basics you need to become compliant with the law. It’s well worth it to follow through. Businesses that don’t comply with these laws are at risk of lawsuits and fines from the California Attorney General’s Office. These fines can reach up to $7,500 per violation. If your company handles the sensitive personal information of California residents, ensuring compliance is essential. For a streamlined, low-stress way to protect your company from compliance problems, Compyl is here to help. Just contact us on our website.