Also known as AB 375, the California Consumer Privacy Act of 2018 was passed in California and is anticipated to go into effect on January 1, 2020. The Act focuses exclusively on data collection and privacy, very similar to the European Union’s General Data Protection Regulation (GDPR). A few key components of the Act give residents of California the right to:
CCPA applies to companies that:
The Act gives residents of California the ability to bring a civil action against companies that violate the Act, and states that fines could be between $100-750 per violation – or higher, if more damage can be proven. In addition, the state of California can bring charges against a noncompliant company directly. Those fines could be up to $7,500 for each alleged violation not resolved within 30 days.
Well, California by itself is the 5th largest economy in the world. If you do business in California or collect data from California residents you need to comply. So, ignoring the California statues and marketplace regulations is unlikely to be an option. There’s good news however – the CCPA is largely in line with GDPR, so if your business is GDPR compliant, you’re probably in good shape for CCPA.
The landscape of privacy regulations is only getting more stringent. More regulations and legislation are coming – in fact, a separate bill in California (AB 2546) is still under consideration to strengthen anti-spam laws. Be smart about your data collection and adopt a policy of “privacy by design.”
CCPA Consulting Services: Maintaining compliance with the growing data and privacy regulations across the globe is daunting. PossibleNOW’s sister company, CompliancePoint, provides the following consulting services related to CCPA
CCPA Technology: The OnePoint CCPA module is a workflow tool that manages activities associated with maintaining compliance with consumer privacy requests related to CCPA. This includes defining workflows, tasks, and assigning task owners for completing the steps necessary to satisfy the consumer rights.
Consumers are provided access to the Consumer Privacy Request Portal which allows them to submit requests related to their privacy rights including Right to Access, Deletion, Disclosure of Information Collected, Disclosure of Information Sold and to the Right to Opt-out. They are provided a confirmation code to track the status of their request and are notified when it is completed.
Upon completion of a set of tasks or workflows, an auditor can view all work, evidentiary data articles, and other documentation related to the completion of a task and approve it or reject if it doesn’t meet the required standard. All evidential artifacts are stored in a central repository for validation and audit purposes.
Reference the graphic below for illustration of the workflow and process.