CCPA Organizational Readiness Checklist

On June 28, 2018, California passed AB 375 the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020.

  • The CCPA gives consumers broad rights to access and control their personal information. As currently enacted, the law dramatically increases consumer's rights of access to and control over how their personal information is collected, used, sold, and disclosed.
  • Businesses will need to modify operations, policies and procedures to comply with California resident's rights to information about and control of their personal information.

We have created a checklist for your organization to help you prepare for the upcoming deadline. This is not a comprehensive list and we will keep updating it as we monitor the developments to the CCPA:

  • Conduct an internal review to confirm what personal information is being collected by your business.
  • Understand the scope of personal information collected, how it is used, confirm if it is sold to third parties or if it is shared with third parties and the purpose of such sharing.
  • Review internal policies and procedures as to the scope and purpose of such collection of personal information.
  • Review and update your internal and online privacy policies to comply with the disclosure requirements of the CCPA when it becomes necessary to do so.
  • Prepare policies and procedures to ensure your organization can respond to consumer requests for access to, deletion from, or information related to the sale or disclosure of their personal information.
  • Prepare to implement technological solutions that can process the consumer requests you receive and the consumers rights to opt-out of the sale of their personal information.
  • Prepare training materials to train all your people in your organization especially personnel who will be responsible for handling consumer personal information inquiries.
  • Reviewing your contracts with third parties and service providers to whom consumer personal information is provided by your business.
  • Conduct third party audits on service providers who have access to your consumer personal information to ensure compliance with the CCPA.

To summarize, the CCPA requires that by January 1, 2020 all companies who use personal data must comply with requests from individuals to report on what data is collected, how it is used, to prevent further sharing, or even delete the data upon request.