Are you looking for an example CCPA compliance checklist to do an initial high-level assessment? Are you already aware of the conditions and is your organization CCPA proof?
The intention of the California Consumer Privacy Act (CCPA) is an important change in data privacy regulations in the USA, that aims to protect the privacy rights, personal information of consumers in California, United States. The bill (AB-375) was passed by the California State Legislature and signed into law by the Governor of California, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code.
The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of these thresholds:
- annual gross revenues in excess of $25 million;
- possesses the personal information of 50K or more consumers, households, or devices; or
- earns more than half of its annual revenue from selling consumers' personal data;
- organizations are required to "implement and maintain reasonable security procedures and practices" in protecting consumer data.
Definition Personal Information according to CCPA: The real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
The intentions of the Act are to provide California residents with the right to:
- access their personal info;
- prevent the sale of personal info;
- know what personal info is being collected about them;
- know whether their personal data is sold or disclosed and to whom;
- request an organization to delete any personal data about a consumer collected from that consumer;
- not be discriminated against for exercising their privacy rights.
Enforcement date: January 1, 2020, at which time those businesses in non-compliance may face civil fines between $ 2,500 and $ 7,500 USD. Californian residents have the private right of action for data breaches, in case of failure is proven, there can be statutory damages between $ 100 and $ 750 USD.
What steps to take to become CCPA Compliant?
- Verify that CCPA applies to your business;
- Inspect which data elements are collected of residents covered by CCPA;
- Document and Organize CCPA PI (Personal Information) should be handled;
- Update website home page;
- Ensure Process in Place that documents and collects all PI data being stored;
- Setup Accountability, Response, and Collection Process to handle "Request for PI";
- Create policies that reconcile the CCPA’s requirement to delete data upon request (incl. need to preserve evidence in litigation and avoid sanctions for spoliation of evidence);
- Setup process to respond on and process "Request for Deletion";
- Setup "right to Opt-in" for Minors;
- Provide Employee Training;
- Review existing contracts with third parties regarding the usage of PI;
- Ensure that consumers protected by CCPA have the right to equal service and price;
- Setup Incident Response Plan.
We're here to help you become compliant. The CCPA comes with a set of Rules and Regulations for the protection of personal data inside and outside the state of California and affects all businesses that save personal data from California residents.
We provide example CCPA document templates and also a complete set of CCPA templates in order to help you to comply with the new amendment of the California Civil Code. These CCPA document templates are provided in Microsoft Office formats, and easy to customize to your organization’s specific needs. Often completed example documents are also provided in order to help you with your implementation in order to save precious time.