CCPA is Coming. Is Your Organization Ready?
Winter is coming, and so is CCPA. In fact, companies have just over three months to comply with California’s Consumer Protection Act (CCPA). Is your business ready? According to a March 2019 poll conducted by the International Association of Privacy Professionals (IAPP) and OneTrust, only 55% of US privacy professionals plan to be CCPA-compliant prior to the law’s effective date of January 1, 2020. If your organization hasn’t started prepping in earnest for CCPA, keep reading. This article will give you a quick overview of what CCPA is, which businesses it will affect, and some basic steps to prep for its “go-live”.
What is CCPA?
CCPA is the nation’s strictest privacy legislation, often nicknamed “America’s GDPR”, in reference to the landmark privacy regulations enacted by the E.U. in May 2018. The new law gives California residents greater consumer rights over the control of their personal information. The new consumer rights can be grouped into five main categories:
- Businesses must inform consumers of their intent to collect personal information.
- Consumers have the right to know what personal information a company has collected, where the data came from, how it will be used, and with whom it’s shared.
- Consumers have the right to prevent businesses from selling their personal information to third parties.
- Consumers can request that businesses remove the personal information they hold on them.
- Businesses are prohibited from charging consumers different prices or refusing service, even if the consumer exercised their privacy rights.
What Businesses are Impacted
Even if your organization isn’t located in California, it may still be required to comply with CCPA if:
It does business or has customers (or potential customers) in California
AND it meets one of the following criteria:
- Its annual gross revenue is more than $25 million.
- It receives, shares, or sells personal information of more than 50,000 California residents, households or devices.
- It earns 50% or more of its annual revenue from selling personal information of California residents.
According to an excellent article in Forbes, here are a few of the ways that businesses can prepare themselves for compliance with CCPA:
- Evaluate current capabilities by identifying and classifying personal data
- Review your organization’s current data-governance capabilities against what’s required in CCPA and make adjustments as necessary
- Take stock of your privacy controls, keeping an eye out for gaps in meeting CCPA requirements. Then prioritize the processes, software and systems that need to be updated.
- Implement regulation monitoring procedures to ensure your business continues to be in compliance over the long run.
If you need help taking stock of your privacy controls or updating technologies with an eye toward CCPA, Dev IQ can help. We’re a software development firm that specializes in creating solutions and processes that are secure and compliant. We believe in privacy-by-design, where privacy controls and standards are baked into software development or refactoring rather than applied at the end or as add-ons (see our 7 Foundational Principles of Privacy by Design). We have deep experience in PCI compliance, HIPAA and IoT security, and can help your organization move into the newest era of privacy and security with our expertise and proven processes. Let’s connect.
CTO, multiple patent holder, & flip-phone collector.