Top Three Things Your Business Should be Doing to Comply with CCPA
By: Justin Carter
The start of the new decade also marked the beginning of the enforcement of a new law in California for the protection of consumers' privacy. Assembly Bill 375 / Senate Bill 1121, commonly known as California Consumer Privacy Act (CCPA), gives consumers the right to demand to know what Personally Identifiable Information (PII) companies store and what the companies do with it. If companies do not handle customer data as stipulated by CCPA, consumers can sue them for privacy violations.
Which Companies are Impacted by CCPA?
Not all companies come under the purview of CCPA. The size of a company's customer base, whether California residents are its customers, the company's revenue, and the portion of its revenue from sales of personal data are all factors in determining CCPA's applicability to that company.
Only companies with more than 50,000 customers that include California residents need to be CCPA compliant. Additionally, the company's revenue must be more than 25 million dollars, with at least half of that revenue coming from the sale of personal data. Non-profit firms are exempt from CCPA. It is a good idea for small businesses that are currently exempt from CCPA to still build a compliance framework if they expect their revenue and customer base to exceed the thresholds in the foreseeable future.
Steps to Take for Compliance
There are several things that a company must do to be CCPA compliant. Here are three of the most important:
- Have an adequate data classification and management infrastructure
Customers can now request all their personal data that companies store. They can also ask for the names of other companies who had access to this data in the past 12 months. Customers can ask for their personal data to be deleted and also opt to not have it stored in the future. Businesses have 45 days to respond to customer requests. Hence it is important to have a data management framework that allows quick identification and easy extraction of customers' personal data.
You need to ensure not only data organization but also data security. If you're storing customer data of any kind, the right steps must be taken to prevent theft through ransomware, hacking, insider threats, and more. In 2018, there was a 300% increase in ransomware attacks over the year before; 2019 saw even more. Connecting with a quality, experienced data security team like FUSE3 is the first step in getting an assessment of your data classification and security needs.
- Be proactive with customer notification and requests
Yes, California residents will come to know about the law and its implications, but businesses will do well to proactively educate their customers about their rights and options under CCPA. It will favorably position your business as a responsible company that wants to do the right thing for its customers. And, when there are requests for information or action from customers, be sure to fulfill them well within the 45-day period that the law mandates.
Since CCPA is a new law, it is likely to undergo modifications in the near future. Keep your customers updated on all the changes to CCPA.
- Prepare for more state laws like CCPA
The future is likely to bring more laws like CCPA from other states in the USA, as well as federal consideration of similar or competing legislation. While you are designing your data management framework for CCPA, it makes business sense to make it flexible and adaptable enough to accommodate future laws. And, if your business plans to expand into the EU, consider building a framework that can also satisfy the EU's GDPR.
And, one other step: if your IT department does not have the bandwidth to take on CCPA, get the help of an expert in the field like us at FUSE3. Having provided IT consulting services to businesses in California for almost 30 years, we're constantly adapting to the needs of our customers and the state of the security landscape. Whether you operate an SMB or an enterprise, in sectors such as banking or medical, we've developed systems and processes for each new need. We can help you achieve compliance with CCPA.
Contact us today for answers to your CCPA questions and for any help you may need complying with the new law.