CCPA Compliance Checklist for Your Business

California Consumer Privacy Act (CCPA) is the latest privacy law in the United States of America. The bill that becomes effective on January 1, 2020, aims to protect the rights and privacy of California residents. It has left many businesses based in California worrying about complying with the Act. The official text of the bill may seem a bit complicated.

Here is a checklist that could come handy while preparing your business for CCPA compliance. Before that, it will be worthwhile to read the article on CCPA, which breaks down the law to give you a general idea of what it constitutes.

See if the following questions apply to your business.

Scope

Does your business:

• Come under “for-profit”?
• Operate in California?
• Collect personal information from Californian residents?
• Alone or jointly determine the purposes and means of processing the information?
• Meet one or more of the following criteria?
  • Over 25 million US dollar annual gross revenue.
  • Buy, receive, sell, or share, alone or jointly, the personal information of 50,000 or more consumers, households, or devices.
  • Earns 50% or more of the annual revenue from selling consumers’ personal information.

If any of the main points above does not apply to your business, then you fall out of CCPA’s scope!

Training

• Does your business have a well-trained team responsible for handling personal information?

Personal Information

Does your business:

• Collect personal information, as described in the official text?
• “Sell” personal information?
• Map the information collected (dating back to one year from the effective date) or to be collected – type, source, purpose, third-party access – and document all of it?

Consumer Rights

Does your business have:

• At least two designated methods for consumers to submit requests, including a toll-free number and a website address (if available)?
• A team that is aware of the rights and can direct consumers how to exercise them?
• A proper system to verify consumer requests and respond to them in due time?

Opt-In and Opt-Out

Does your business:

• Obtain consent from minors between 13 and 16 years old for selling their personal information?
• Obtain parental consent for selling the personal information of minors under 13 years?
• Include a clear and visible link “Do Not Sell My Personal Information” on the website for consumers to opt-out of the sale of their personal information?

Privacy Policy

• Have you reviewed and updated the existing privacy policy?

Does the privacy policy of your business:

• Present content in plain and unambiguous language and is readily available to the consumers?
• Clearly describe the business’s online and offline practices, including the collection, use, disclosure, types, and sale of personal information?
• Explain the rights of consumers and how to exercise them?
• Include the “Do Not Sell My Personal Information” link along with the description of the ‘right to delete’?
• Provide contact information?
• Include the last date it was updated?

Using CookieYes Privacy policy Generator, you can create a comprehensive privacy policy for your business in less than two minutes!

Security and Breach Control

Does your business have:

• An incident assessment procedure to identify potential risks and tackle them?
• A proper breach and incident response plan?

CCPA Compliance Review

• Does your business review the existing CCPA compliance methods and programs?

CCPA is less than a month away. You should be well prepared and ready to face the challenges that come with CCPA compliance. A business that follows the laws dutifully and ensures safe and secure processing is often regarded as trustworthy and reputed by consumers.

GDPR Compliance Checklist

Ultimate Guide to GDPR

CCPA vs. GDPR