CCPA Compliance: Your 7-Step Guide to Preparing for January 1, 2020
November 11, 2019
by Tirtza Giles
If your business relies on customer data, there’s a good chance the closing months of 2019 and the start of 2020 will see you devoting significant time and resources to ensuring compliance with the California Consumer Privacy Act (CCPA) – a historic law slated to go into effect on January 1, 2020.
With that challenge in mind, we recently published a new eBook offering companies guidance to help them ensure compliance ahead of the implementation of the new law. You can now download Preparing for CCPA Compliance: 7 Steps to Ensure Compliance and Protect Your Business on our website.
The CCPA sets new restrictions and obligations for companies that gather (or take part in the gathering of) consumer information, while threatening new penalties for noncompliance. Following the May 2018 introduction of the European Union’s General Data Protection Regulation (GDPR), the CCPA represents a groundbreaking effort to protect the privacy of individual consumers in an era of unprecedented data collection. In some respects, it sets restrictions exceeding those of the GDPR.
And don’t let the name fool you: While the CCPA will only be on the books in California, its impact will be felt far beyond the Golden State. It’s not just that California happens to be home to information giants like Google and Facebook – it’s also that the law applies to any for-profit business based anywhere in the world that “does business in the State of California” and meets at least one of several criteria laid out in the law.
For a wide variety of data-collecting businesses, compliance will be a labor-intensive undertaking – yet one that is necessary in light of the serious risks facing companies found to violate the CCPA.
Why does CCPA compliance matter?
In cases of noncompliance with the CCPA, the implications for businesses are significant. Should a company fail to adhere to the law, it risks potentially devastating consequences to its own bottom line.
That’s not just because financial penalties under the CCPA can reach up to $2,500 for each unintentional violation and up to $7,500 for each intentional violation. It’s also because the law gives consumers the right to file individual or class-action lawsuits against businesses that have violated their privacy rights. The penalties can range from $100 to $750 per violation (or the cost of actual damages, should it exceed $750). This makes the potential costs of CCPA violations unpredictable, and cumulatively they can destroy a small or midsize business.
Finally, it is important to consider the reputational risks of noncompliance. Given the growing public awareness of major data breaches, businesses that receive negative press coverage relating to matters of personal privacy and online security risk a significant loss of customer trust – and, ultimately, of profitability.
What does preparation entail?
If your business adheres to the GDPR, you are already well on your way to CCPA compliance, meaning that some of the tools and processes you will need are likely already in place.
Still, it is important to pay attention to the distinctions between the two laws – differences that can have significant implications for businesses. Because of these differences, complying with the CCPA will likely require you to adapt your existing data protection operations to address the law’s demands.
Perhaps most importantly, compliance is more than a simple project to be carried out by any single department within a company. Rather, preparing adequately for the CCPA can be a major undertaking with substantial technological, legal, and training components.
Among other necessary steps, it is important to make sure that your company does not inadvertently violate the CCPA as a result of third-party services embedded into its website. This requires the kind of continuous monitoring that our Customer Privacy Protection (CPP) solution performs – providing you with the real-time details you need in order to prevent third-party services from putting your business at legal risk.
Finally, it is helpful to keep in mind that compliance with consumer privacy laws is an ongoing process – and the CCPA will not be the end of the story. Not only do websites and online software providers tend to frequently update their code, but the laws governing the use of customer information continue to change frequently. In the wake of the GDPR, a number of other countries have initiated similar legislation protecting consumers’ privacy rights, and the CCPA has likewise inspired similar legislation in a number of states within the U.S. In a business environment in which it’s common to have customers in various jurisdictions, it seems that companies will need to continue adapting to increasing restrictions on their ability to collect, process, and sell consumers’ personal information.