Self Auditing For CCPA Compliance

With the California Consumer Privacy Act (CCPA) coming into effect on January 1, 2020, your business must be compliant with the regulations of this new law. The law states that enforcement actions are not to take place before July 1. 2020. However, non-compliance with the CCPA puts your business at risk of having to pay substantial fines up to $7,500 per violation. It is, therefore, essential that your business is audited for CCPA compliance. One of the easiest and cost-effective ways to do this is by self-auditing. Below you’ll find key tasks that your business can take to ensure CCPA compliance.

Maintain & Update Privacy Policy

In compliance with CCPA, your company’s privacy policy should now include the following:

  • What kind of personal customer information your company collects and processes
  • Why your business collects and processes personal customer information
  • How does your company manage and process personal customer information
  • How customers can request access, change, move, or delete their personal data
  • Notifying customers about the sale of customers’ personal data and how they can opt-out of the selling of their data

Implement Procedures For Customers To Access Personal Data

Customers need to have access to their personal data according to the regulations of CCPA. To do this, the following procedures need to documented and put in place:

  • A consumer verification process
  • Workflows showing that internal procedure is followed
  • Templates for customer service communications
  • A log that tracks request from customers to access personal data and copies of the response
  • Obtain appropriate opt-in consent for personal information of minors (persons 16 or younger) whose personal data is sold

Have Procedures In Place For Deleting Personal Information 

Like with accessing customers’ personal data, procedures also need to be put in place for deleting personal information, including the following:

  • Create and maintain systems to respond to requests to delete personal information
  • Establish protocols for responding to customers in both a timely and effective manner
  • Identify data that your company may need and how long it can be retained

Create ‘Opt-Out Of Sale Of Personal Data’ Procedures  

Your business needs to provide its customers with appropriate notice that their personal data is being sold. It is, therefore, essential that your business creates ways to do this – for example, via websites – and implement procedures around the opt-out to respond to and honor the customers’ requests.

Update Vendor Contracts 

To comply with CCPA, identify vendors or third parties that receive personal customer information from your business. Once you know who you are selling personal data to, you can ensure that the appropriate contract terms are put in place. Vendors or third parties need to be made aware of your company’s privacy policy and their obligation to comply with it.

Implement Privacy Training for personnel depending on their job function

Depending on their job functions, offer the appropriate training to employees of your company. The training should include the following:

  • What the CCPA is
  • Privacy and security training
  • Introducing templates and scripts for employees to use when addressing customers
  • How compliance to CCPA by employees are evaluated and checked 

Even though this self-audit offers appropriate business guidelines, the new law complex and companies need to adapt and implement their own rules to ensure CCPA compliance.

Elevated has a long history of working with companies in heavily-regulated industries. Contact us today for a free marketing assessment.