As more people buy products online, they are required to share personal information. For many, this isn’t a big deal. It’s something they have come to expect and are used to. However, there is a growing concern over what happens to that information. Cybercrimes and identity thefts are increasing, and no one wants to deal with having their personal information stolen.
To protect consumers and their data, California passed the California Consumer Privacy Act (CCPA) in 2018. It clearly defines how businesses should collect, use, and protect their customers’ personal information. When it comes to CCPA compliance requirements, there are some things you need to know.
Knowing if the CCPA Compliance Requirements Apply to You
The CCPA was put into place to protect California residents, but not every business must comply with the act. If your business falls into the following categories, you need to fulfill the requirements of the CCPA:
- Your business collects personal information from California residents
- You have annual gross revenues of at least $25 million
- You obtain personal information from a minimum of 50,000 California residents, households, and/or devices every year
- 50% of your annual revenue is generated from selling the personal data of California residents
The size of your business doesn’t matter. Whether you are small or large, if you fit into the criteria listed above, you are expected to comply with the CCPA requirements.
What Happens If You Don’t Comply?
If you’re thinking that you might try to find a way to get out of being CCPA compliant, it’s recommended that you don’t. Not only does this put you at considerable risk for fines, but the Attorney General can also file a civil case against you. The penalty can be up to $7,500 per violation if your data is breached.
That can add up quickly and cost you a lot — and not just in hard-earned profits. Customers will lose their trust in you. If you don’t have your customers’ trust, being able to sell what you have to offer can be incredibly challenging. Thus, finding a way to protect consumers is in your best interest. It’s also beneficial to protect your employees, so you might want to look into EPLI coverage and see if it can help.
How to Comply with the CCPA
Many businesses think that the CCPA and the European Union’s General Data Protection Regulation (GDPR) are the same, but they aren’t. You might also assume that being GDPR compliant makes you CCPA compliant, but this isn’t the case. GDPR compliance covers some of the steps, but there are a few more that you’ll need to take. These include the following:
1. Know What Personal Information You Are Collecting
The first thing you need to do to fulfill the CCPA compliance requirements is to know precisely what kind of personal data you collect and where it comes from. This includes both the category of information (for example, contact details such as an email address) and the specific data elements within it (for example, a Social Security number).
You’ll also need to know where the personal information came from. Did the consumer give it to you directly? Did you obtain it from a third party? If it came from a third party, do you have an agreement that explains how personal information can be collected and used?
Did you gather the data through an online application? Was it collected during the process of making an online sale? Were you doing a marketing campaign and asking for information for a newsletter?
Before you can move forward and become compliant with the CCPA, you need to know exactly what type of information your business is collecting.
2. How is Personal Information Stored?
After you have determined precisely what type of personal information your company collects, you need to look at how it’s stored. Does your business ever delete information? If so, when?
You’ll also need to look at how your business uses the data you collect from consumers. Is there someone in the company who can change how you use the information? If so, who and how often?
You’ll then need to figure out if any of the personal information you collected was sold to a third party. It’s helpful if you know who the third party is and how the data was sold. During the transaction, it’s beneficial to record what rights were granted in the use of personal information.
In addition to looking at how your company stores consumer data, it’s also essential to determine how safe it is. The last thing you want to deal with is a data breach, but it can happen. Ensure that best-practice security protocols are in place, and consider getting rid of stale personal data, which poses an unnecessary security risk.
3. Update Your Privacy Notices and Policies
After taking the time to determine the type of personal data you collect and how it is stored, you need to update your privacy notices and policies. You have to make this information available to consumers before they submit their personal information to your company.
The notices and policies need to let people know what type of personal information you are collecting and how the company will use it. If your company then sells that information, you have to make consumers aware of this practice. You also have to give consumers the option to opt out of having their data sold.
4. Continue to Monitor Your Process
Remaining in compliance with the CCPA is not a one-time thing. It requires constant monitoring to ensure that the data is safe and secure. Technology changes rapidly, and cybercriminals are always evolving to steal information.
By continuously monitoring your protection processes and responding to consumer requests for information, you can reduce the chances of a data breach occurring and keep your customers happy.
Purging or deleting old personal data can keep your business in compliance and consumers safe. Keeping current data organized will ensure that you have the information you need to keep your business running and protect your customers from cybercrimes.
It’s also a good idea to review your contracts with vendors and determine which, if any, have access to the personal information you store. If you find that there might be a potential security threat, consider renegotiating the contracts or finding a new vendor.
You’ll also need to take the time to train employees — this goes beyond the IT department. Anyone who might be involved with customer data should be aware of the process and procedure of what you do with the data.
When your employees understand what is expected of them related to personal information collection and storage, they’ll help reduce the risk of a breach at your business.
Handling requests or answering customers’ questions about what happens with their data isn’t a typical customer service request, and IT departments have other things to take care of instead of fielding these questions. However, if everyone in your company knows the process, they can give customers peace of mind and keep your business in compliance.
Remember, you will be held responsible if something happens to your consumers’ personal information. Make sure you are protected by taking the necessary steps.
Consider Getting Help
Making your business compliant with the CCPA will take time and effort. With so many things to do, it could feel like an impossible task to complete. Instead of trying to go it alone, you might consider working with a professional to help with this endeavor. They’ll be able to walk you through the process and help you implement a plan that will keep your business and customer data safe.
When it comes to growing your business and attracting more customers, you need to work with the right marketing partner. At E-Marking Associates, we have the skills and experience to create websites that will increase sales and leads. We will also help you develop and implement marketing campaigns that will produce the highest ROI for your advertising dollars. Are you ready for success? Contact us today!