CCPA Compliance Checklist in 2020

The California Consumer Privacy Act (“CCPA”) became effective on January 1, 2020 and is being enforced as of July 1, 2020. It is imperative that companies affected by the CCPA implement the proper protocols and procedures in order to comply and avoid significant financial penalties imposed for violating CCPA requirements.
What is the CCPA (California Consumer Privacy Act)?
The CCPA is a state statute that enhances privacy rights and consumer protections for residents of California. The CCPA applies to any company doing business in California, including any for-profit entity that collects consumers’ personal data and satisfies at least one of the following thresholds:
- Has annual gross revenues in excess of $25 million;
- Buys, receives, or sells the personal information of 50,000 or more consumers or households; or
- Earns more than half of its annual revenue from selling consumers’ personal information.
Organizations subject to the CCPA are required to “implement and maintain reasonable security procedures and practices” in protecting consumer data.
The intentions of the CCPA are to provide California residents with the right to:
- Know what personal information is being collected about them;
- Know if and to whom their personal data is sold;
- Prevent the sale of personal data;
- Access their personal data;
- Request that a company delete their personal information; and
- Not be discriminated against for exercising their privacy rights.
CCPA Compliance Readiness Checklist
Companies affected by CCPA must be compliant with the regulation by January 1, 2020. If you’re not CCPA compliant, now is the time to change! At a high level, CCPA compliance requires companies to:
- Publish (i.e. on your website) a privacy policy that complies with CCPA regulations and is updated at least once every 12 months. This policy must include a list of the CCPA rights that a consumer has, and must be clear and easy to understand;
- Notify consumers about what happens to their personal data when it’s shared or sold;
- Maintain an inventory regarding data processing history;
- Notify a consumer before or at the point of data collection that you want permission to collect this data;
- Give consumers the right to access the personal data held on them;
- Explain how consumers can make a request for the business to delete their personal data; and
- Create a “Do Not Sell My Personal Information” link on your website’s homepage, as well as any other website page that collects data, if you sell personal information. The link should provide consumers with the ability to easily request that their information not be sold.
Note that the word “sell” in the last item (#7) above has a specific meaning under the CCPA. If you transfer customer data through an embedded YouTube clip, for example, this could be considered selling information. As such, it’s imperative for your company to have a full understanding of the steps it needs to take to be CCPA compliant.
Clym helps companies get their websites CCPA compliant quickly and in a cost-effective way. Please contact us to learn how you can get your website compliant today.