• CCPA is coming. Is your organization ready?

    Winter is coming, and so is CCPA. In fact, companies have just over three months to comply with California’s Consumer Protection Act (CCPA). Is your business ready? According to a March 2019 poll conducted by the International Association of Privacy Professionals (IAPP) and OneTrust only 55% of US privacy professionals plan to be CCPA-compliant prior to the law’s effective date of, January 1, 2020. If your organization hasn’t started prepping in earnest for CCPA, keep reading. This article will give you a quick overview of what CCPA is, what businesses it will affect and some basic steps to prep for it’s “go-live”.

    What is CCPA?

    CCPA is the nation’s strictest privacy legislation, often nicknamed “America’s GDPR”, in reference to the landmark privacy regulations enacted by the E.U. in May 2018. The new law gives California residents greater consumer rights over the control of their personal information. The new consumer rights can be grouped into five main categories:

    • Businesses must inform consumers of their intent to collect personal
    • Consumers have the right to know what personal information a company
      has collected, where the data came from, how it will be used, and with
      whom it’s shared.
    • Consumers have the right to prevent businesses from selling their personal
      information to third parties.
    • Consumers can request businesses to remove the personal information
      that the business has on them.
    • Businesses are prohibited from charging consumers different prices or
      refusing service, even if the consumer exercised their privacy rights.

    What Businesses are Impacted

    Even if your organization isn’t located in California, it may still be required to comply with CCPA if:

    It does business or has customers (or potential customers) in California

    AND it meets one of the following criteria:

    • Its annual gross revenue is more than $25 million.
    • It receives, shares, or sells personal information of more than 50,000
      California residents, households or devices
    • It earns 50% or more of its annual revenue from selling personal information
      of California residents.

    Getting Compliant

    According to an excellent article in Forbes, here are a few of the ways that businesses can prepare themselves for compliance with CCPA:

    • Evaluate current capabilities by identifying and classifying personal data
    • Review your organization’s current data-governance capabilities against
      what’s required in CCPA and make adjustments as necessary
    • Take stock of your privacy controls, keeping an eye out for gaps in meeting
      CCPA requirements. Then prioritize the processes, software and systems
      that need to be updated.
    • Implement regulation monitoring procedures to ensure your business
      continues to be in compliance over the long run.

    This article was originally published in the Dev IQ® blog,

    © 2019 Dev IQ®. All Rights Reserved.