5 Steps Businesses Can Take To Comply With The CCPA

Earlier in the month we published an article on the creation of the California Consumer Privacy Act and the rights it seeks to afford business customers. So why should IT professionals be concerned with CCPA? As organizations discovered during the GDPR transition, many areas of security, data storage, and compliance management falls under or includes the IT team. So the obvious initial questions are: What are the consequences of non-compliance? and What steps can businesses take to comply with these types of consumer privacy laws?

Keep reading to find some answers.

Consequences Of CCPA Non-Compliance With The CCPA

The California Attorney General can levy CCPA penalties on any non-compliant company doing business in the state. The civil penalty for intentionally violating the Act can be as high as $7,500 per violation.

Consumers also have the right to seek relief for any damage done by the sale of their personal information. Statutory damages can range from $100- $750 per California resident per incident. That can add up quickly.


What Steps Can Businesses Take to Comply With The CCPA

  • Regularly Update Your Privacy Policy Page

Businesses must make some disclosures on their privacy policies page. They must tell the consumers that they are collecting the consumers’ personal data. They must clearly state what kind of personal data they are collecting and why they are doing so. They must also mention the type of personal data they have sold within the last 12 months. Businesses must update their privacy policy every 12 months to reflect any change made. They should also make it perfectly clear that the consumers can opt out, if they want.

  • Include Opportunities to Opt Out of Personal Data Sale or Collection on Forms and Pages

Businesses are required to supply a link or button on the homepage that allows consumers to opt out of the sale of their personal data. Typically, the title of the link is “Do Not Sell My Personal Information.” They should also refrain from selling the personal information of any consumer below 16 years old without their or their parents’ affirmative consent.

  • Develop Processes and Systems to Handle Consumer Data Disclosure Requests

Businesses must provide at least two ways (telephone and website) through which consumers can submit their requests for certain information about the privacy information, as provided within the rights of these consumers. The telephone number must be toll-free. A website is required, too. When businesses receive any request from a consumer concerning this information, they must reply within 45 days.

  • Be Sure Not To Offer Different Services to Consumers Based ib Whether They Opt Out Of Data Collection or Sharing

Businesses must still conduct business with consumers that exercise their privacy rights as provided under the Act without any discrimination. They must not deny such consumers goods or services. They must not provide a lower quality of goods, services, or charge a higher price because of this. The only exception to the pricing requirement is “if that difference is reasonably related to the value provided to the consumer by the consumer’s data.” Under that condition, businesses can charge a higher rate. Of course, that clause may be interpreted differently, and might turn out to be a major loophole.

  • Familiarize Yourself With Consumer Compensation Plans for Sharing Data

Businesses can offer money to consumers in exchange for their personal information. If the consumers agree, they would have relinquished their rights to the businesses.

Phishing Malware

Can your employees differentiate between a legitimate email and targeted phishing?

92% of malware was delivered through email in 2018.  And Phishing emails are the #1 method of deploying malware.  Contact us today to learn more about our Phishing Awareness Training.

Learn More

About UTG

UTG is a Mid-Market Managed Service Provider that partners with your organization to leverage technology strategically.  We help you meet company objectives, increase efficiencies and productivity through technology.


See all