Senior privacy consultant Jodi Daniels shares what CCPA compliance means for your organization.
When we think of data privacy and online security, we often think of “IT” and how various types of software, fancy passwords, and technology updates keep our accounts and information safe. But data privacy is much more than that. Does that mean it’s simple? It is not!
Concerns around data privacy and individual rights led to the formation of the California Consumer Privacy Act (CCPA) legislation that is now law. In order to be CCPA compliant, your company will have to be more transparent than ever before. Hopefully, you are at least somewhat familiar with the CCPA regulations and have systems in place to be compliant. If you don’t, TODAY is the day to get started since amendments will be enforced starting in July of 2020 and the original regulations are already being enforced.
Data Privacy Specifics
Data privacy keeps the rights of consumers in mind. That means every company has to know about the data they collect. This is often referred to as data mapping. It is an important step in CCPA compliance because, under these regulations (and others to come), consumers have the right to:
- understand what personal information is being collected about them.
- know whether their personal information is sold or disclosed and to whom.
- can say no to the sale of personal information.
- are able to access their personal information.
- have equal service and price, even if they exercise their privacy rights.
Data Privacy & Systems
Data privacy meets information systems during data mapping. This is one of the first steps to CCPA compliance. Without this foundational step, the rest of the CCPA compliance checklist will be hard to complete. You need to know what types of data your company collects, how and where this information is stored, and how and when it is used.
Once you understand your company’s data, you can then move on to other processes – creating structures for handling individual rights, establishing or strengthening security measures, training employees, updating privacy policies and notices, and preparing for future regulations.
Data Privacy Cycle
In this new world of data privacy at the forefront, you cannot be complacent. You have to continually examine your data and processes regarding the way the data is handled. It is a cycle that needs to be consistently revisited to ensure your company remains CCPA compliant and up to date on all data privacy regulations. These tactical elements, while important, are not stand-alone solutions.
Thanks to CCPA regulations, businesses must be on top of data privacy from a strategic standpoint, using it as a driver and backbone of marketing and customer service. Because protecting consumer rights isn’t just the law anymore, it has become a way to prove your trustworthiness to consumers.
Data Privacy Strategies
Data privacy now needs to be a topic of planning for the entire company. When your team discusses project costs, technology, and human resources when launching a new product idea or business solution, privacy must be a part of that initial conversation. You have to be sure that you have all the elements in place to not only make that product a success but also that you are staying within the law as you launch it.
Additionally, when it comes to hiring vendors, your company needs to consider how to create GDPR and CCPA-compliant agreements for them. Any data that integrates with your company must be protected under these data privacy regulations even if the information is stored in a third-party database, so this extra step is key in ensuring your company is following the letter of the law.
Even when your company is brainstorming new campaigns – whether marketing, products/apps, or overall business strategy – the process needs to include a checklist for compliance with the GDPR and CCPA. While these additional steps may slow down processes or add layers of approval before moving forward, they will help save money and time later. And, being CCPA compliant will ultimately lead to trust among your customers and enhance brand loyalty.
8 Steps to CCPA Compliance
Data Privacy in the Future
Looking ahead, we know that more and more states are developing their own data privacy regulations. Being CCPA compliant now and staying ahead of changes will help your company as the focus on data privacy grows. Chances are your internal team knows a lot about data security and less about data privacy. Your company will need a sustained, proactive approach to privacy compliance. You’ll need to identify resources, internal or external, to help keep the company execute on day-to-day operational privacy compliance, as well as ensuring application of new and changing privacy laws, regulations, and policies.
If you aren’t already well on your way to CCPA compliance, it is important to get started right away!
Want to know if your company is ready for the California Consumer Privacy Act? Take the CCPA Assessment now!
This article was authored by Jodi Daniels, founder and CEO of Red Clover Advisors, a boutique data privacy consultancy. Jodi also serves on the Board of Idenhaus Consulting.
To receive the top Cybersecurity and IAM articles in your inbox every two weeks (Tuesdays 8 PM EST), subscribe to our Identity Management biweekly and/or our healthcare IAM newsletter.
Follow @Idenhaus on Twitter and subscribe to our YouTube channel.
Idenhaus was named one of the 10 Most Promising Identity Governance and Administration Consulting/Service Companies 2019 by CIO Review!
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us