What You Need to Know About CCPA Compliance
Let’s be real. In the world we live in today, it’s hard to feel like we have control over our own personal data. And worse, data breaches and security problems with the businesses that collect our data have caused many people around the world to fall victim to their data being stolen and sold on the dark web.
This is why the state of California issued the California Consumer Privacy Act, a law created to protect consumer data and give people more control over how businesses share their personal info. If your business services customers in this state, you’ll want to ensure your business stays within CCPA compliance.
Let’s dive a bit deeper into what CCPA compliance is, and why it matters for consumers and businesses.
What Exactly is CCPA Compliance?
CCPA is a state-wide data privacy law that governs how businesses all over the world handle the personal information of California residents. This law recently went into effect on January 1st, 2020. As mentioned above, the primary objective of the California Consumer Privacy Act is to give California residents more control over their personal data and how businesses are allowed to use this information. The law allows California residents to:
- Know about the personal information a business collects about them and how it is used and shared. California residents can demand that businesses disclose the personal information they have collected, used, shared, or sold, and why they have collected, used, shared, or sold that information.
- Compel a business to delete personal information collected from them. (However, this right comes with many exceptions that allow businesses to keep customer information.)
- Opt out of the sale of their personal information. Businesses must stop selling customer information when they receive the opt-out request. The law permits some exceptions to this regulation. Residents can only opt back in after 12 months.
- Demand fair treatment free of discrimination when exercising their CCPA rights. Businesses cannot deny service to, or treat differently, residents who exercise their CCPA rights. However, if the resident withholds information the business needs to provide a service, the business is permitted not to offer the service.
How Do You Stay CCPA Compliant?
While many businesses perceive CCPA compliance as a one-and-done type of thing, the reality is that it’s an ongoing process requiring continuous effort and vigilance. To effectively comply with CCPA regulations, businesses must observe two sets of responsibilities: responding to consumers’ privacy requests as they come in, and keeping the privacy program up to date as laws and business practices change. So, staying agile as policies ebb and flow is essential.
Responding to consumer requests
One of the most essential requirements of meeting CCPA compliance is responding to customer requests in a timely manner. Companies must swiftly respond to opt-out requests, deletion requests, and inquiries on the type of data they are collecting. By using a system that can quickly delete customer info, remove users from data collection programs, and provide the necessary disclosures, businesses can quickly pivot and respond to these requests as they come in. Waiting until the last minute on these can lead to violations, fines, and injunctions, but we’ll touch on that a bit more later.
Privacy laws such as CCPA are constantly changing. And, as we know, business operations tend to change as businesses grow and markets shift. To ensure your company remains compliant with CCPA regulations, keeping up with new updates and requirements is paramount. One of the best things you can do is to ensure your HR team or compliance team conducts regular reviews of new laws.
Repercussions of CCPA Non-compliance
Currently, enforcement of CCPA regulations is mandated through California’s Office of the Attorney General (OAG). As soon as the OAG is notified of a CCPA violation, the office sends a 30-day cure notice. If the period elapses and the business in question still fails to comply, it faces two types of enforcement: injunctions and hefty civil fines. Neither of these is a great option, and both can have significant impacts on your bottom line.
What is an injunction?
An injunction is a court order that directs a person or an entity to perform or stop performing a specific act. In the context of CCPA enforcement, the OAG can seek a court order to stop the involved business from collecting California residents’ personal information. The injunction may even order the business to cease its operations in the state, which can greatly affect a business depending on what industry it is in.
What do these hefty civil fines look like?
As mentioned above, businesses that violate the CCPA regulations may also be punished through fines. The law directs that non-compliant businesses can be fined up to $2,500 per violation. Since businesses collect data from a multitude of users, these fines can be staggering, adding up to thousands of dollars. International businesses can be fined up to $7,500 per violation.
CCPA Vs. GDPR Compliance
Both CCPA and GDPR are data privacy laws tailored to protect consumers’ privacy. Both laws are carefully designed to give consumers power over how their data is collected, stored, and used. Even though they are meant to serve a similar purpose, they differ in several ways. For instance, under GDPR, only businesses with consent are allowed to collect and use customers’ data. Under CCPA, businesses can collect and use anyone’s data as long as they provide consumers the option to opt out and to have their data deleted. GDPR applies to all organizations that collect and use consumers’ data. CCPA, on the other hand, only requires for-profit organizations with specific attributes to comply.
Stay CCPA Compliant with the Help of OnTask
Staying in compliance shouldn’t be a hassle. Contact us today or schedule a free demo to see how we can help.