How CCPA Consumer Rights Could Impact Your Business
With new compliance rules comes the expectation that consumers will exercise their rights under the CCPA.
Here’s a brief summary of these rights:
• The right to request disclosure of the categories and specifics of any personal information collected
• An overview of how a consumer’s data is used and whether it’s being sold
• The right to opt-out of the sale of this data to third parties
• The right to request that a business delete any personal information
• The right to not be discriminated against because of this request and the right to have this request honored
As a business, it’s important that you present your consumers with an easy, accessible way to exercise their rights under the CCPA.
Keep it Simple
Keep the language and the choices on your website simple. Consumers are more likely to honor your compliance efforts if the functionality and options on your website are easy to understand and follow.
If you don’t comply with the CCPA, the CA attorney general has the independent authority to enforce the law. Consumers have a private right of action under the CCPA, which lawyers will likely enforce. Every business has 30 days to resolve the issue before any action or penalty can be assessed.
Even if individual consumers don’t pursue legal action, businesses can still be penalized by the California attorney general.
Bottom line: You need to be sure that your business is ready for CCPA and has a well-documented process for compliance.
Here are some of the potentially vulnerable areas your business should evaluate:
Personal Data is Unaccounted for
To prepare for CCPA, you should conduct an audit to understand where personal data is stored within all of your organization’s systems and data repositories. From there, you will want to establish effective data handling and management protocols, so you know how the data moves within your organization and who has access to it.
Consumer Data Requests Lack a Response Strategy
Storing personal data in multiple systems or repositories is the reality of most corporations. With the CCPA, you must have an easy, straightforward mechanism for consumers to search, access, and secure personal information your business manages across multiple applications.
This is critical for CCPA compliance. If a consumer makes a data request, you will be required to comply with it. If you don’t have a plan in place to handle these requests and provide consumer access to all data within all of your data silos, your company could be fined for lack of compliance.
Be Prepared for More Data Privacy Laws
Currently, more than 20 other U.S. states are considering privacy legislation, largely based on CCPA language. The U.S. federal government is also ready to consider national legislation. Business leaders should start preparing now and accounting for how they collect and use consumer data.