CCPA Compliance Solutions: How Do I Ensure My Business is Compliant?
There are still many questions surrounding CCPA and how businesses should comply. Many tech companies are offering their own compliance solutions, but how do you know if these solutions are right for your business?
Ask the Tough Questions
If you are looking for a CCPA compliance solution for your business, make sure you ask the right questions.
How does your software ensure my business stays compliant?
This may seem like a simple question, but it isn’t. A reputable CCPA compliance solution will be consistently updated and maintained, since the language of the CCPA laws change frequently.
The solution should provide you with reliable, built-in features, such as:
• The ability to capture all personal and personally identifiable information known about each consumer
• The ability to capture, track and report CCPA compliance details such as sources of information, purposes for capturing or selling consumer data, categories of data in your possession and specific pieces of consumer information that are captured.
What CCPA compliance items does your solution satisfy?
The solution you choose should satisfy all of the required stipulations under the CCPA regarding notices, transparency and consent management.
A good solution will offer:
• Clear consumer rights notifications
• An easy way for consumers to access their personal information
• Strong validation for consumer inquiries to guard against fraudulent access request
• Online reporting to satisfy disclosure requirements
• Opt-out and Delete handling, including service provider notification
• Automated disclosure handling regarding the categories and specific pieces of information that are being collected, how that information is being used and to whom it is shared or sold
Is Your Company Ready?
Recent estimates indicate that only 8% of companies are prepared for the CCPA. Ensuring your business is compliant will prevent you from racking up unwanted fines and penalties.
As a first step, you should do a complete data inventory of all the personal information you’ve gathered about consumers and your sources for collecting this data.
My Data Privacy can help you in this audit process, offering solutions to help your business meet specific disclosure requirements. We can also help you capture the necessary data points regarding categories and specific pieces of personal information in your possession.
The CCPA requires you to provide a ‘disclosure’ at or before the data collection point.
Under the new law, you are required to create a distinct link on your home page titled, “Do Not Sell My Personal Information”. This should link to a specific page on your website that allows consumers to access their personal information, opt out of having their personal information shared or sold and also offer the option to request deletion of their personal information.
The team at My Data Privacy can help you develop the content on the “Do Not Sell My Personal Information” landing page.
Develop Processes for Handling Consumer Requests
The CCPA allows consumers to request access to the personal information you maintain in your database. Under the Act, you are required to respond to these customer requests within 45 days.
CCPA grants consumer the following rights:
The right to know:
• Requires businesses to disclose any personal information that is collected and the purposes for which the personal information is used.
The right to request:
• Grants consumers the right to request that a business disclose the categories and specific pieces of personal information the business collects about them, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.
The right to opt-out/delete:
• Provides consumers with the right to opt out of the capturing or sale of personal information and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services.
• Grants consumers the right to request deletion of personal information and would require the business to delete personal information upon receipt of a verified request.