Compliance with the CCPA is a huge topic, but here are a few basics that everyone should know. Compliance means the procedures, policies, and work culture that ensure a company follows the law.
Some key areas of CCPA compliance are as follows:
- Privacy policy requirements
- Data security
- Consumer rights requests (including the right to opt out of their data being sold)
- Service provider contract terms
Notice and Transparency is the obligation to have a public-facing privacy notice and to make sure that consumers see it.
Companies need to have reasonable Data Security. Usually this means putting in place things like a written information security program; governance and accountability (having someone in charge of security); employee training; and an incident response plan.
A company needs to have a plan to respond to Requests from Consumers (also called “Data Subjects”). These requests cover the right to know about what personal information a company processes, access to that personal information, deletion of personal information, and the ability to opt out of the sale of personal information. Companies also have to train employees who handle consumer rights requests.
Companies have to enter into contracts with service providers that restrict them from using the personal information for any purpose other than providing the services.
And much more!