Updated: Dec 7, 2021
As of 2021, US companies have one more reason to transform their businesses. - All of the California Consumer Privacy Act (CCPA) provisions came into enforcement. Lots of enterprises are concerned about preparing for innovation. But, as General Data Protection Regulation (GDPR) implementation shows, the efforts will be justified. Here you will discover what’s the difference between these two acts, what risks are incurred by non-compliance with the CCPA, and what to do to follow the regulations.
CCPA Regulations: What You Should Comply With
What is the CCPA?
California Consumer Privacy Act is a state regulation created to ensure a high level of personal data security and secure them as consumers' property. The CCPA covers employees, contractors, and business customers' data transferring as well.
Who must comply with the Privacy Act?
CCPA applies to commercial companies that do business in California or employ California residents. Moreover, the law concerns only businesses that:
make annual commercial data transactions owned by min. 50K Californians
receive $25M of gross annual revenue or more
conduct the above data transactions, receiving at least 50% of annual revenue from it
Core CCPA requirements
According to the Act, consumers have the right to receive notifications and request information about the volume and purpose of their data usage. A company must answer a consumer's request within 45 days after its receiving. The tricky part is, as of January 1, 2021, businesses are obligated to provide data usage information for the last 12 months.
CCPA fully maintains consumer control over their data. They can refuse to submit personal information or require a company to delete it. In case of unauthorized non-compliance with obligations, consumers can sue enterprises. Following Perkins Coie, as of June 2021, there were 135+ litigation cases related to CCPA. The most significant number of claims concerns privacy notice.
One of the curious Act's provisions is the prevention of revenge. In other words, if a client demanded personal data deletion, a company does not have the right to overstate goods/services costs.
CCPA: Challenge or Opportunity?
The CCPA adoption is a win for consumers. Meanwhile, the business faced a second avalanche of challenges. Enterprises have to set up data processing in brief terms to:
know what data and why they collect
boost data storage
perform accurate custom notification
delete data without harming business
This approach often requires data processing systems modernization. Businesses are going to invest there up to $100K per year.
You may also like: Legacy Contact Center Migration: Does End Justify The Means?
It seems the California Consumer Privacy Act is a troublemaker. Meanwhile, it provides companies with the opportunity to improve the quality of their business. Due to compliance with the law, enterprises can:
operate only with reliable information
improve customer experience and level of trust
boost software base, bringing ourselves closer to digital transformation goal
improve marketing strategies
take care of data protection
CCPA vs. GDPR: Similarities & Differences
CCPA Compliance Checklist
Any violation of CCPA, including loss of data, will lead to penalties or damage to the company's reputation because of litigation. Businesses strive to find a versatile list of improvements they should implement to avoid poor overcomes. We defined the top 10 to-dos able to protect your company:
Create a robust strategy concerning data processing. You must understand all aspects of working with data and respond to consumer requests promptly.
Improve your current software base. Compliance with CCPA will become one more overwhelming burden on outdated systems.
Boost a UI. Add a pop-up banner with a confirmation feature. It will notify users about data collection and help to get their approval.
Build scenarios of actions for all possible CCPA-related requests.
Organize in-house training to prepare staff for new work conditions. Pay attention to your employees' data protection as well.
Initiate risk-management procedures concerning your business partners to make sure they also comply with CCPA.
Check all current agreements concerning data transferring and update them following the Privacy Act requirements.
Use robust software for data protection. Make sure your data storages are scalable and reliable.
Track any amendments to CCPA and shadow how your competitors provide their compliance with it.
The Bottom Line
They say CCPA is not the end of the world. It's a motivation for business to get better. By the way, the regulation will not bypass non-Californian companies. Initiatives to implement similar acts have sprung up in several states. To avoid issues, enterprises should prepare for changes before they come.
If you strive to migrate to new software for compliance with CCPA, feel free to contact our specialists. We’ll provide you with tips on where to start.