First and foremost, you need to spend time combing through CCPA. Ignorance of the law doesn’t serve as a defense, so it’s best to review it thoroughly. The law provides consumers in California with a significant amount of new protections regarding the collection and use of their data. Organizations are required to comply if they have online revenues that exceed $25 million and have customers in the state.
Companies that end up non-compliant face massive fines. Additionally, consumers have the right to file lawsuits against businesses that are negligent in specific scenarios, which could drive costs even higher.
Audit Company Practices
If you want to protect your company by ensuring you are complying with CCPA, conducting a company-wide audit and reviewing your data collection, storage, and sharing practices is essential. Otherwise, you won’t be fully aware of your current state, and that makes it harder to implement any necessary changes.
Additionally, you need to look beyond your business. If you partner with third parties who have access to any consumer data, you need to audit these relationships, as well. A third party’s non-compliance could fall back on your company.
Plan for New Requirements
Since CCPA aims to give consumers more control over their data, you need to make sure you have mechanisms in place that allow them to take specific actions. For example, consumers need the ability to tell a company that they don’t want to be tracked in a circle that is smaller than ¾ of a mile across for ad targeting purposes. If you don’t have an option that allows consumers to assert that preference, you need to create one. Similarly, you have to build reporting mechanisms that enable consumers to learn what data has been collected on them, what data has been sold, and which company received the purchased information.
Many of these requirements will require technical changes. If you have put the proper mechanisms in place yet, then doing so should be a priority.
Ultimately, CCPA has strict requirements, and failing to comply comes with serious consequences. Additionally, it may be a sign of the changing times, and companies should anticipate that other states may follow suit and create new laws. That way, even if you aren’t affected by CCPA, you maintain a proactive mindset. By working to offer consumers more control and protections now, you are getting ahead of the wave.