Winter is coming, and so is CCPA. In fact, companies have just over three months to comply with California’s Consumer Protection Act (CCPA). Is your business ready? According to a March 2019 poll conducted by the International Association of Privacy Professionals (IAPP) and OneTrust, only 55% of US privacy professionals plan to be CCPA-compliant prior to the law’s effective date of January 1, 2020. If your organization hasn’t started prepping in earnest for CCPA, keep reading. This article will give you a quick overview of what CCPA is, which businesses it will affect, and some basic steps to prep for its “go-live”.

What is CCPA?

CCPA is the nation’s strictest privacy legislation, often nicknamed “America’s GDPR”, in reference to the landmark privacy regulations enacted by the E.U. in May 2018. The new law gives California residents greater consumer rights over the control of their personal information. The new consumer rights can be grouped into five main categories:

  • Businesses must inform consumers of their intent to collect personal
    information.
  • Consumers have the right to know what personal information a company
    has collected, where the data came from, how it will be used, and with
    whom it’s shared.
  • Consumers have the right to prevent businesses from selling their personal
    information to third parties.
  • Consumers can ask businesses to remove the personal information
    that the business has on them.
  • Businesses are prohibited from charging different prices to, or
    refusing service to, consumers who exercise their privacy rights.

What Businesses are Impacted

Even if your organization isn’t located in California, it may still be required to comply with CCPA if:

It does business or has customers (or potential customers) in California

AND it meets one of the following criteria:

  • Its annual gross revenue is more than $25 million.
  • It receives, shares, or sells personal information of more than 50,000
    California residents, households or devices.
  • It earns 50% or more of its annual revenue from selling personal information
    of California residents.

Getting Compliant

According to an excellent article in Forbes, here are a few of the ways that businesses can prepare themselves for compliance with CCPA:

  • Evaluate current capabilities by identifying and classifying personal data.
  • Review your organization’s current data-governance capabilities against
    what’s required in CCPA and make adjustments as necessary.
  • Take stock of your privacy controls, keeping an eye out for gaps in meeting
    CCPA requirements. Then prioritize the processes, software and systems
    that need to be updated.
  • Implement regulation monitoring procedures to ensure your business
    continues to be in compliance over the long run.

If you need help taking stock of your privacy controls or updating technologies with an eye toward CCPA, Dev IQ can help. We’re a software development firm that specializes in creating solutions and processes that are secure and compliant. We believe in privacy by design, where privacy controls and standards are baked into software development or refactoring rather than applied at the end or as add-ons (see our 7 Foundational Principles of Privacy by Design). We have deep experience in PCI compliance, HIPAA and IoT security, and can help your organization move into the newest era of privacy and security with our expertise and proven processes. Let’s connect.

James Shelby

CTO, multiple patent holder, & flip-phone collector.