Verification: 01ab39b8b6786c61

How Will the California Consumer Privacy Act Affect Your Business?

We’ve all been hearing about the California Consumer Privacy Act of 2018 (CCPA) and how it may or may not affect your business. There have been plenty of articles written on which companies this new law will affect. 

But how will this affect your business practices – both monetary and operationally?

As a reminder, you will be affected by CCPA if your company:

  • Applies to any organization that “does business in the State of California,” not just businesses residing or incorporated in California.
  • Earns $25 million or more in revenue per year
  • Annually buys, receives, sells, and/or shares the personal information of 50,000 or more consumers, households, or devices, alone or in combination.
  • Derives 50 percent or more of its annual revenue from selling consumers’ personal information

In addition to the above, there is a broad exemption under the federal and California healthcare privacy laws. It excludes PI collected, processed, sold, or disclosed under federal and California laws regulating financial institutions. The August amendment expanded these exemptions.

The CCPA will take effect on January 1, 2020. Still, specific provisions under the CCPA require companies to provide consumers with information regarding the preceding 12-month period – meaning that activities to comply with the CCPA may well be necessary sooner than the January 1, 2020 date. 

OK – we’ve heard this before, but what does it mean to your business?

At the Agent/Supervisor Level:

  • You must inform consumers at or before gathering the data what you intend to do with the information. Informing the consumers that they are using online methods can quickly be done with some policy language changes. Consumers calling directly to an agent will require the agent to inform consumers – increasing your Average Handle Time (AHT), resulting in fewer calls per agent throughout the day.
  • You must notify consumers that they have the right to “Do Not Sell My Personal Information,” whether it is available online through an opt-out tool or informed at the agent levels, thereby increasing your AHT.
  • If the consumer requests a copy of their PI, the business must deliver a copy in a usable format that allows it to be transmitted quickly. This transmission may require technical changes to your software, depending on how you gather it.

Potential Technical Changes

The technical changes include the above, but you should address these specifics as well.

  • If a consumer has engaged their right to “Do Not Sell My Personal Information,” a business cannot solicit an opt-in for 12 months following an opt-out. There must be two or more methods for submitting information requests. This request means a comprehensive tracking system needs to be put into place to ensure compliance.

Financial Considerations

  • Increased Payroll:
    • With a potential increase in AHT (from longer engagements with consumers to inform of policy changes), efficiency levels will decrease.
    • Depending on the number of consumers requesting PI information sent to them,
  • Increased Technology Costs:
    • One-time costs will include changes required to online policy statements, creation of opt-out policies, and development of a tracking system for consumers requesting data.
  • Potential fines:
    • There are civil penalties of up to $7,500 per violation, following notice and failure to cure the breach within 30 days of notification.

Are you ready? Maybe you are in some areas and not in others. If you need help, contact CH Consulting Group – we can help you assess the current state and create a strategic roadmap that ensures you are compliant with CCPA. Hopefully, this will help you determine what steps to take to minimize the costs to your business.

more insights