Laws around data protection and data privacy change from country to country. For example, the GDPR in Europe is very different to the legal requirements surrounding data retention and collection in other continents. Within the USA, the data laws (if any) change from state to state. Perhaps most notably, California has ratified how businesses must collect, handle and retain data within the California Consumer Privacy Act, or the CCPA.
Here, we examine what exactly the CCPA is and, importantly, how to meet CCPA compliance requirements so that your business always stays on the right side of the law. Additionally, we highlight why adhering to the CCPA is not only a legal requirement, but why improving personal data collection and retention is helpful to a company too.
What is CCPA and what is CCPA compliance?
The CCPA was arguably seen as a landmark law within the USA as it was the first in the country to address a person’s right to their control over their own personal information held by companies. Due to being established in California, the law only pertains to California citizens or Californian companies. However, in practice, it was seen as groundbreaking as it helps promote its citizen privacy rights in the following ways:
- A person has the “right to know” about the data collected on them by a company as well as how it will be employed or disseminated in the future
- A person has the “right to delete” data that has been collected on them
- A person has the “right to opt-out” and decline having their information sold to other parties
- A person has the “right to non discrimination” when they are using the CCPA rights.
Additionally, when a business handles, collects and stores data, they must fully explain their processes and procedures to the individuals whose data they have.
As a result, CCPA compliance is adhering to these rules and requirements. As briefly mentioned above, businesses must adhere to them if the data they are working with is that of a California citizen. However, there are some more criteria that they need to meet in order to have to comply. The CCPA states that:
- Businesses must comply if they “have a gross annual revenue of over $25million.”
- Businesses must comply if they handle (i.e. buy, receive or sell) “the personal data of 50,000 or more California residents, households or devices”
- Businesses must comply if “they derive 50% or more of their annual revenue from selling California residents’ personal information.”
How to meet CCPA compliance requirements: a CCPA compliance checklist
To be CCPA compliant, businesses to whom the CCPA applies, must adhere to the following checklist.
- Inform its consumers about how their personal data is handled and used or if it will be shared
- Have tracking systems in place to be able to account for the history of data as well as hold a data inventory
- Gain permission from the consumer before data collection or at least at the time of data collection
- Permit consumers access to their data
- Inform consumers that they have the right to have their data deleted should they request it
- Explain the CCPA to consumers and how it affects their data privacy rights
- If a company sells personal information, it must establish a Do Not Sell My Personal Information page.
While this CCPA compliance checklist is helpful, there are other ways a company can ensure it remains compliant with the CCPA that can provide a more robust approach to staying well within the realms of the law.
Using software that records a document’s history, like that from Contractbook, is just one of the ways that technology can be utilised to help ensure CCPA compliance. Additionally, elements like secure cloud storage or collaborative tools in such software is an effective way of making CCPA compliance work for a business.
In fact, making use of software packages that help support CCPA compliance can also help a company in many other ways - proving that adhering to data protection laws is not just a piece of legal administration that must be overcome to stay trading lawfully.
Instead, a healthy and proactive approach to upholding data protection laws can help set a business apart. Data privacy laws protect individuals’ fundamental rights and freedoms. As a result, individuals are far more likely to impart their information in the first place and far more likely to do business with a company with robust data protection procedures. Using technology and software packages available from the likes of Contractbook are an efficient and effective way to be one of those companies.
CCPA compliance requirements - key takeaways
The establishment of the CCPA was seen as a landmark law as up until that point, the USA in general had a much less directive approach to data privacy rights than those in Europe - through the GDPR. It perhaps is a signal that lawmakers in the USA are waking up to the realisation that companies do not voluntarily employ ethical data privacy procedures unless legally required to do so. It also points to lawmakers realising the importance of maintaining data privacy.
Bearing that in mind, it may be a worthwhile task for companies who do business in America to start honing their own data privacy processes as more and more States may look to establish similar laws. Plus, ultimately, handling data in a responsible way is the ethical and moral thing to do.