What You Need to Know About CCPA Compliance

Published: February 15, 2022
California Consumer Privacy Act

Let’s be real. In the world we live in today, it’s hard to feel like we have control over our own personal data. And worse, data breaches and security problems with the businesses that collect our data have caused many people around the world to fall victim to their data being stolen and sold on the dark web. 

This is why the state of California issued the California Consumer Privacy Act, a law created to protect consumer data and give people more control over how businesses share their personal info. If your business services customers in this state, you’ll want to ensure your business stays within CCPA compliance.

Let’s dive a bit deeper into what CCPA compliance is, and why it matters for consumers and businesses.

What Exactly is CCPA Compliance?

CCPA is a state-wide data privacy law that governs how businesses all over the world handle the personal information of California residents. This law recently went into effect on January 1st, 2020. As mentioned above, the primary objective of the California Consumer Privacy Act is to give California residents more control over their personal data and how businesses are allowed to use this information. The law allows California residents to:

  • Know about the personal information a business collects about them and how it is used and shared. California residents can demand that businesses disclose the personal information they have collected, used, shared, or sold and why they have collected, used, shared, or sold that information.
  • Compel a business to delete personal information collected from them. (However, this right comes with many exceptions that allow businesses to keep customer information.)
  • Opt out of the sale of their personal information. Businesses must stop selling customer information when they receive the opt-out request. The law permits some exceptions to this regulation. Residents can only opt back in after 12 months.
  • Demand fair treatment free of discrimination when exercising their CCPA rights. Businesses cannot deny service to, or treat differently, residents who exercise their CCPA rights. However, if the resident withholds information the business needs in order to provide a service, the business is permitted not to offer the service.

The law also states that businesses must give consumers notices explaining their privacy practices. These notices must detail categories of personal information that the business collects and how these information categories are used, and must also contain a link to the business’s privacy policy to give consumers full transparency.


How Do You Stay CCPA Compliant?

While many businesses perceive CCPA compliance as a one-and-done type of thing, the reality is that it’s an ongoing process requiring continuous efforts and vigilance. To effectively comply with CCPA regulations, businesses must observe two sets of responsibilities—responding to consumers’ privacy requests as they come in and keeping the privacy program up to date as laws and business practices change. So, staying agile as policies ebb and flow is essential.


Responding to consumer requests

One of the most essential requirements of meeting CCPA compliance is responding to customer requests in a timely manner. Companies must swiftly respond to opt-out requests, deletion requests, and inquiries on the type of data they are collecting. By using a system that can quickly delete customer info, remove users from data collection programs, and provide the necessary disclosures, businesses can quickly pivot and respond to these requests as they come in. Waiting until the last minute on these can lead to violations, fines, and injunctions, but we’ll touch on that a bit more later.


Privacy policy updates

Privacy laws such as CCPA are constantly changing. And, as we know, business operations tend to change as businesses grow and markets shift. To ensure your company remains compliant with CCPA regulations, keeping up with new updates and requirements is paramount. One of the best things you can do is to ensure your HR team or compliance team conducts regular check-ups on new laws.


Repercussions of CCPA Non-compliance

Currently, enforcement of CCPA regulations is mandated through California’s Office of the Attorney General (OAG). As soon as the OAG is notified of a CCPA violation, the office sends a 30-day cure notice. If the period elapses and the business in question still fails to comply, it faces two types of enforcement: injunctions and hefty civil fines. Neither of these is a great outcome, and both can have significant impacts on your bottom line.


What is an injunction?

An injunction is a court order that directs a person or an entity to perform or stop performing a specific act. In the context of CCPA enforcement, the OAG can seek a court order to stop the involved business from collecting California residents’ personal information. The injunction may even order the business to cease its operations in the state, which can greatly affect the business depending on what industry it is in.


What do these hefty civil fines look like?

As mentioned above, businesses that violate the CCPA regulations may also be punished through fines. The law directs that non-compliant businesses can be fined up to $2,500 per violation. Since businesses collect data from a multitude of users, these fines can be staggering, adding up to thousands of dollars. International businesses can be fined up to $7,500 per violation.


CCPA Vs. GDPR Compliance

Both CCPA and GDPR are data privacy laws tailored to protect consumers’ privacy. Both laws are carefully designed to give consumers power over how their data is collected, stored, and used. Even though they are meant to serve a similar purpose, they differ in several ways. For instance, under GDPR, only businesses with consent are allowed to collect and use customers’ data. Under CCPA, businesses can collect and use anyone’s data as long as they give consumers the option to opt out and to have their data deleted. GDPR applies to all organizations that collect and use consumers’ data. CCPA, on the other hand, only requires for-profit organizations with specific attributes to comply.


Stay CCPA Compliant with the Help of OnTask

If your business collects data from California residents, staying within CCPA’s guidelines should matter to you. Luckily, OnTask makes it easy to check the box on all requirements. In addition to HIPAA, FERPA, and SOC 2 compliance, OnTask has the features needed to satisfy all of the intricacies of CCPA compliance. Here’s how: OnTask makes it easy for you to manage data, secure access, and delete records upon request. And, you can even present privacy policy disclosures to users as part of your workflow.

Staying in compliance shouldn’t be a hassle. Contact us today or schedule a free demo to see how we can help.