2. Update privacy policies and procedures: Make sure your privacy policies are.
1. Understand what CCPA and CPRA are and who they apply to: CCPA stands for California Consumer Privacy Act and refers to a data protection law that standardizes the rights of California consumers. As of January 1, 2023, the CCPA has been amended to include the CPRA (California Privacy Rights Act). If you run a profit-oriented business that collects, processes, or sells data from California citizens, you may be required to comply with the CCPA if you meet some additional criteria.
2. Know what data is affected: CCPA defines what personal data, or personally identifiable information (PII) is and is not affected. The information includes name, address, email address, social security number, biometric information, job data, educational information, and browsing history. It does not cover publicly available information, like that found in government documents or newspaper articles, and personal health information, which is regulated separately under Health Insurance Portability and Accountability Act (HIPAA).
3. Right to know: Californian consumers have the right to be disclosed by companies exactly what personal information is collected. A request in this regard may be made by consumers up to twice a year. Additionally, an individual must be notified of these intentions at or before the point of data collection. To inform your consumers about your data processing activities, you can use a pop-up window or banner that appears when a page is first accessed. Tell your customers that you collect data, for what purpose, and also include links with additional information about your CCPA practices.
4. Right of access in CCPA: Section 1798.130. of CCPA requires you to provide consumers with two or more methods to contact you to make requests such as disclosures of personal information. Here, you must provide a toll-free telephone number and your website address. If a request is raised, you only have 45 days to comply. To make it as easy as possible for consumers to practice their CCPA rights, you should place your contact information prominently on your website.
7. Right to delete/be forgotten: Californian consumers have the right to have their data that has been collected by the company deleted, and therefore to “be forgotten.” In certain cases, you do not have to comply with this obligation to delete, namely if it was necessary for your company to continue maintaining the requested data to detect security incidents, comply with legal obligations, or the like, as described in Section 1798.105. Make sure your IT team knows exactly where personal data is stored and how to delete it in a CCPA-compliant manner.