California Consumer Privacy Act: Business Requirements to Comply


For businesses to comply with the California Consumer Privacy Act, the following is recommended:

  • Provide notice to Consumers of their Rights
  • Provide notice to Consumers of Categories of Personal Information it collects, sells and discloses for a business purpose (Privacy Policy must be updated every 12 months)
  • Provide notice to Consumers of the Right to Opt-Out of a Sale (Policy and webpage), or of the appropriate Opt-In in the case of a child
  • Provide notice to Consumers of financial incentives and opportunity to Opt-In
  • Establish designated methods for submitting requests (as defined and also including AG devised methods)
  • Train staff to appropriately address issues and advise Consumers
  • Develop policies/procedures to "reasonably" verify the requestor and respond as appropriate under the Act (including denying a request or requesting more time as authorized)
  • Draft or update service provider contracts to be compliant with the CCPA (and Notice to Consumer)
  • Establish and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information

Since the CCPA applies to businesses of a certain size and/or use of data, it is important that all businesses consider the recommendations. Further, if your business uses third parties that collect consumer information, then the CCPA may apply to those businesses. It's important that you check with any service or sub-service provider to ensure they have implemented measures to comply with the CCPA.

Businesses have the duty to provide the following compliance measures:

  • Respond to a Consumer request within the 45-day time limit (or as legally extended) after first verifying the Consumer request
  • Respond to a Consumer request to opt-out of the sale of Privacy Information
  • Respond to 1) an Attorney General notice of noncompliance and 2) a Consumer notice of noncompliance
  • Respond to any exercise of a right without discriminating against the Consumer

Notice: This blog is only intended to be informative of best practices discovered online and in personal training sessions attended by the author and is in no way legal advice. It is recommended any business implementing the CCPA contact legal counsel prior to implementing any CCPA measures.

Tags: CCPA