Preparing for CCPA: 3 reasons to start now
Even though the California Consumer Privacy Act (CCPA) has a projected enforcement date of January 2020, many companies are wasting no time implementing their readiness plans, and rightly so. As we discussed in our webinar GDPR Comes to America (CCPA): Be Prepared, presented along with ASG Technologies, companies that begin preparing for CCPA today will position themselves to be ready for the deadline — and to begin reaping the additional benefits that their efforts can deliver.
In our webinar, we asked attendees to let us know where they are today with CCPA readiness plans, and we learned that over half of them have gotten started:
Reason 1: It’s not about surface-level changes
Complying with CCPA is about more than changing some wording in your user agreement or adding some links to your website. Before you can even begin discussing policies, procedures, or contracts, you must know exactly what personal data you have, where it came from, where it is going, and what you’re doing with it. As you might imagine, filling in these blanks requires a considerable amount of time and effort.
In the webinar, we shared the story of a Primitive Logic client who recently received their first request from a customer to delete his personal data under GDPR. We had worked with this client on their readiness strategy and put in place the elements required to comply with such a request, including
- • Policies and procedures detailing how data subjects can request erasure and how the company will respond
- • System diagrams and data flow maps for locating a customer’s data
- • Step-by-step instructions for fulfilling data erasure requests including descriptions of roles and responsibilities detailing who will do what
- • Procedures for confirming erasure with the customer and for retaining records of data erasure requests
- • Building and implementing these elements required time and effort, but the investment paid off in our client’s ability to respond to this customer’s request completely and promptly.
In another webinar poll, attendees indicated they are aware of the complexity that CCPA readiness entails, as one-third cited “multiple areas” as their primary area of concern:
Reason 2: There is a 12-month lookback period
Under CCPA, if a data subject requests a record of the sale or disclosure of their personal data, you must provide information covering the preceding 12 months. So if a customer contacts you in January 2020 with such a request, you will be required to provide categories of her data that you sold or disclosed going back to January 2019.
If your company is not currently tracking the categories of personal data you sell or disclose and making that information readily available, now is the time to put those capabilities in place.
Reason 3: It delivers benefits beyond compliance
When many companies think about preparing for CCPA, they see the effort as an expense, a necessary inconvenience to help them avoid penalties and lawsuits. But as we explored in the webinar, the data management efforts behind CCPA preparation can lead to numerous benefits to the company, allowing you to
- • Improve business efficiency due to faster, easier access to data
- • Build trust with your customers and your business partners
- • Understand your customers better
- • Reduce data storage costs (once you discover and delete obsolete or unnecessary customer data)
Need help with data privacy compliance?
See how Logic20/20 can help.
Executive Team member Kevin Moos is recognized for his experience with knowledge management systems. He has lent his expertise to several prestigious industry panels on enterprise content management and other topics.