To kick things off for the blog in a brand new and exciting year, I’m going to be tackling a hot topic for which I have been receiving a lot of questions lately – The California Consumer Privacy Act (CCPA). Incidentally, even though this law was signed in June last year by the California legislature, it doesn’t just affect businesses in California. It can impact you even if your business is located outside of this state.
On another note, The CCPA Act is seen as a trendsetter of sorts, close on the heels of the GDPR, so we can expect other states in the country to follow suit soon. The requirements for the Act will not come into effect until January 1, 2020, after the final list of regulations have been passed, which means we have some time on our hands, but not a lot! However, “forewarned is forearmed’’, so my advice to businesses is to bring yourselves up to speed on the requirements and prepare for the changes as soon as possible. Below, I cover all the key things you need to know about the Act.
What is the California Consumer Privacy Act?
As described in an article by Proskauer, entitled The California Consumer Privacy Act of 2018, the Act defines consumers as natural persons who are residents of California, and has “four basic rights in relation to their personal information:
- The right to “opt out” of allowing a business to sell their personal information to third parties. Or, for consumers who are under 16 years old, the right not to have their personal information sold absent their (or their parent’s) opt-in.
- The right to have a business delete their personal information, with some exceptions.
- The right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.”
Who Must Comply with the Act?
The Act applies to for-profit organizations that collect and process the personal information of California residents and engage in Business in the State of California. This includes businesses that don’t have an actual physical presence in the State but participate in sales activities inside of it. Additionally, the businesses must meet the following criteria to be part of the compliance net:
- Their annual gross revenues must be more than $25 million, or
- They must disclose or receive the personal information of 50,000 or more California households, residents, or devices annually, or
- They must obtain 50% or more of their annual revenues from selling California resident personal information.
The act also effects corporate affiliates of these businesses that share their branding.
How Can Contact Centers Start to Prepare for the Act?
Here are some action steps I recommend businesses start taking straightaway in preparation for the Act’s implementation:
- Create a Data Management Plan – which includes reviewing the data you have on hand, your current data collection systems, as well as how you will manage personal information going forward. Privacy-proof your systems, internal policies, and your third-party vendors in order to ensure compliance. Determine how you will manage access and deletion requests from consumers.
- Set Up Your Communication Channels – Prepare to respond appropriately to consumer requests and to communicate how you are conforming to the requirements.
- Keep Track of Regulations – Stay tuned for further updates on the California Consumer Privacy Act’s website.
For more actionable tips, also check out my blog article on planning for a successful 2019, here.
Feel free to reach out to us at any time if you want more insights into how you can make your contact center California Privacy Law compliant. CHCG is an industry veteran in the BPO contact center space and we can offer you unique, customised, customer-centric and profit-driven solutions, tailor-made for your business.