With the European Union's General Data Protection Regulation (GDPR) implementation on May 25, 2018, a somewhat similar type of regulation will shortly be introduced in the United States, as well. Known as the California Consumer Privacy Act (CCPA) is expected to come into effect on January 1st, 2020, adding several new regulations regarding consumers' data.
Among these regulations, we can expect things like the rights of consumers to know what data about themselves is being collected, the right to deny the sale of that information, as well as the right to delete that data. They are also entitled to know the commercial purpose of their information, to know which third-parties will have access to it, as well as the private right of action when companies breach that data.
For companies to prepare themselves for the upcoming implementation of the CCPA, they need to be aware of the regulations and assess the business risks that may come attached. Below are several ways for your company to prepare for the California Consumer Privacy Act.
One of the many new requirements of the CCPA is for every business having to deal with California residents is to update their privacy policies so that they include the residents' rights. You will need to have this ready before the act goes into effect on January 1st, 2020.
Leverage the GDPR
With many similarities between the GDPR and CCPA like subject data rights of access, portability, or erasure, companies can leverage their GDPR program now to prepare themselves for the upcoming CCPA better. To do this, you can use a Compliance Manager to ensure that you are up to code for both the GDPR and CCPA.
Mapping Your Data and Sources
One critical aspect that needs special consideration is your data inventories. You will need to map every piece of personal information about your customers, gathered by either your marketing or sales teams. Once this is complete, you will have to make sure that it's prepared for access, portability, and deletion requests from your clients. You will also need to make sure that your marketing software vendors are also able to fulfill these obligations. If not, it would be wise to switch to more privacy-oriented vendors.
Use Encryption to Protect Sensitive Information
The CCPA will impose penalties for data breaches of consumers personal information. When it comes to the GDPR and CCPA, encryption is seen as a useful and effective method of protecting such personal information from unauthorized parties in the event of a data breach.
Verify Your Third-Party Data Sources
Companies will also need to reevaluate those from who they buy customer data. These third parties need to be legitimate; otherwise, you may be subject to hefty fines since this is considered as operating on breached or stolen data.
To comply with the California Consumer Privacy Act, it's best that you find a partner that will help you navigate the path forward. Managed Solution will help ensure that you are in compliance with all the requirements of CCPA. Contact us today!