I’m sure by now you have heard of CCPA, or the California Consumer Privacy Act. It goes into effect January 1, 2020, and by now you may have already determined if your business will be affected or not. But what exactly do you need to do to become compliant and what do you need to teach your front-line employees?
First, understand exactly what Personal Information (PI) is. CCPA defines personal information as data that “identifies, relates to, describes, is capable of being associated with, or could reasonably to linked, directly or indirectly with a particular consumer or household.” Personal Information includes:
- Demographic information (i.e., name, address, email)
- A unique identifier, such as an IP address and online tracking technologies
- Account or Social Security number
- Driver’s license or passport
- Purchase histories
- Commercial data like information about personal property, purchased products or services
- Online activity
- Biometric, geolocation, employment and education data
The CCPA excludes personal information that’s publicly available as well as any medical or health information collected by a person or business governed by HIPAA.
Before you can train your staff, there are some back-office things to do. The following steps should help.
- Map where Personal Information Resides on your systems. To do that, here are some questions that need to be asked:
- What personal information do you collect or possess?
- Where does it reside and how is it stored?
- How is it collected? (marketing campaign, online form, etc.)
- Is personal information collected directly or is it obtained from a third party?
- Is it shared with others?
- If shared, what is their policies?
- Can the last 12 months be provided in a portable format for consumers?
- Update your privacy disclosures. They should be available publicly posted and available upon request by a consumer. At a minimum, it should include the following:
- Where personal information is gathered from
- The categories of third parties who you are sharing it with
- A link to one or more methods for submitting requests
- What pieces of personal information are being collected
- Update your website.
- You are required to have a privacy link on the homepage of your website. It must be “clear and conspicuous,” titled “Do Not Sell My Information,” and linked to a page that allows consumers to opt out of having their personal information sold.
- Develop a process for handling requests. This process will need to be user-friendly, able to inform third party vendors that data must be deleted and integrate with existing technical infrastructures. These requests must be processed free of charge and within 45 days and should include the following:
- Request a copy of their personal information being collected
- Opt-out of future collection
- Delete the last 12 months of data pertaining to them
- View the categories of information collected about them
- Find out what categories of their personal information are being sold
- Request to opt out of the sale of personal information for those over 16 years old
- Train your employees. Training should take place prior to January 1, 2020 with employees understanding the following:
- What a consumer’s new rights are under the law
- How/where a consumer can make a request to the business
- The length of time for the consumer to receive the request
- The law’s non-discrimination section, for consumers who decide to exercise their rights under the law
- That the physical location of a company headquarters does not determine CCPA coverage
- For this law’s purposes, a consumer is a resident of California
- Whether your organization has decided to apply this law across its entire footprint for consistency sake or only to California consumers
As you can see, there is a lot of work that needs to be done in order to become compliant with CCPA legislation. If you don’t maintain compliance you will risk losing money from hefty fines. Don’t wait any longer. Contact me today at [email protected] to get started!
CH Consulting Group provides unparalleled expertise in the Contact Center and Customer Experience (CX) verticals. We have a nationwide team of industry veterans that can assist you to achieve exponential growth, manage change, and generate profit. For a comprehensive CX assessment and strategic plan customized for your unique business needs, connect with us here today.
