If you aren’t ready for the California Consumer Privacy Act (CCPA), you’re not alone: Only about 11% of U.S. businesses are prepared. But regardless of whether or not you have systems in place to comply, CCPA is now in full effect. Here’s what you need to know to either start getting ready or give your current readiness plan a much-needed check-up.
What Is CCPA?
The California Consumer Privacy Act (CCPA) is a piece of privacy legislation that gives residents of California, United States control over their personal information. It went into effect on January 1, 2020, and is designed to protect the privacy rights of California consumers by requiring businesses to be transparent about their data collection practices and to provide consumers with certain rights and protections with regard to their personal information.
According to CCPA, residents of California have the right to know the personal data companies collected, the right to request that their information be deleted and the right to deny companies the freedom to sell their personal data. Businesses that collect and manage California residents’ personal information must provide clear and concise information about their data collection practices and must take steps to secure consumer information.
The CCPA applies to businesses that meet specific criteria regarding their size, revenue, and the nature of their operations. Businesses that are subject to the CCPA are also required to provide notice to California residents of their rights under the law and to implement reasonable security measures to protect consumer information.
How to Stay Compliant with CCPA
To comply with CCPA, you need to have systems in place for:
- Letting customers know how you use their data internally
- Informing customers about whether or not you share their data with any of your vendors
- Adjusting how you use and share customer data for each of your clients. Because CCPA gives customers the ability to demand that you change how you use their data, you need the agility to be able to do so quickly.
- Storing and easily editing or deleting customer data. If a customer discovers that you have incorrect data, they can force you to correct it, so you need tools that make this straightforward. You only have 45 days to respond to a request to delete data, for example.
- Opting customers out of having their data shared or sold. An opt-out request has to be responded to within 15 days.
- Identifying and classifying different kinds of customer data. For example, some data may be classified as “personal” under CCPA while other information is public, so it’s not subject to the same requirements.
Tools You Can Use to Comply with CCPA
Here are some software functions that do much of the compliance work for you when it comes to CCPA:
- Making customer records anonymous. At times, you may need to share a customer’s information, but if you include identification data, you could run afoul of CCPA. By making customer records anonymous, you can safeguard your clients’ privacy while still sharing other information, such as financial data or the kinds of claims they file.
- Restricting access to personal information. Because CCPA gives customers the right to change who has access to their personal data, you can use software to change access rules in a matter of moments.
- Permanently deleting records. You can use software to designate who can permanently delete records. For instance, you can grant this right to customer service reps who may get a call requesting to delete sensitive data.
- Locking records so their data can’t be processed. Sometimes your system may automatically process data, such as to generate emails or direct reps to follow up on customers. You can use software to prevent specific records from being involved in those and other processes.
Get CCPA Compliant with Ventiv
If you hold customer data, you can use Ventiv’s secure RMIS software to take control of your data governance strategy—and avoid slipping out of CCPA compliance. With Ventiv's data governance solutions for risk management, you get the ability to:
- Restrict who can access certain data
- Permanently delete data records and decide who has the power to do so
- Make data records anonymous
- Restrict who has access to customer data, and change access policies whenever you need to
- Automate your data retention policies
- Lock customer records so data-based processes don't use them
Ventiv gives you the infrastructure you need to quickly adjust your data management policies to align with CCPA, as well as other data standards, such as the General Data Protection Regulation (GDPR). Not only does this keep CCPA enforcers at bay, but it ensures customers that you value their privacy and data protection rights. To discover more features of Ventiv’s data management solution, reach out today.
