Countdown to CCPA: Part 3
You’ve determined that your business is subject to the California Consumer Privacy Act (“CCPA”) and are engaged in your CCPA assessment and compliance efforts. January 1 is close. As you are getting ready for the CCPA, it’s time to measure your CCPA implementation progress.
This post is the final article of a three-part series to help you assess your compliance progress.
Training and Culture
The CCPA requires you to inform your employees who handle consumer rights requests and inquiries about your privacy practices and how consumers may exercise their rights. Training and education will support your CCPA compliance program overall and demonstrate accountability.
- Do you have a CULTURE of privacy?
- Do you have TRAINING and education for your executives, managers and employees who will process and respond to consumer requests regarding their privacy and consumer access rights?
- Do your executives, managers, and employees generally UNDERSTAND CCPA requirements and what types of personal data are covered?
- Do they know the individual point of contact or centralized function to contact in the event of QUESTIONS or concerns?
- Do they know how to respond to or direct CONSUMER INQUIRIES?
- Do they know what the internal data incident ESCALATION process is and how to use it?
- Do you have a data incident RESPONSE plan and team ready to investigate and resolve breaches in compliance with applicable law?
Can you readily DEMONSTRATE COMPLIANCE with each CCPA requirement? Have your DOCUMENTATION, archive, and record RETENTION policies and procedures been reviewed and updated as applicable?
Leverage Compliance Efforts
Data inventory and mapping, consumer transparency, third party management, training, and breach response are all necessary prerequisites for general data protection planning. Although specific legal requirements may vary by industry, state, and nation, these compliance steps are universal and may be leveraged to respond to new laws and regulations regarding privacy and security.
Use a solution that demonstrates and displays evidence of compliance with key CCPA requirements, including the receipt and processing of consumer rights requests.
By Paige Boshell, Privacy Counsel LLC (Please note that this article is not intended as legal advice and is a high-level overview of some of the more significant CCPA requirements. Please contact legal counsel for a thorough description of CCPA obligations and how they apply to you.) © CENTRL, Inc. 2019