What to Do About CCPA: Your First 3 Steps to Data Privacy Compliance
The California Consumer Privacy Act (CCPA), effective January 1, 2020, regulates the collection and use of consumers’ personal data. It is similar to the EU’s General Data Protection Regulation (GDPR), which puts data privacy on the radar for the first time for many companies. Additional privacy regulations or standards continue to pop up all over the world, including in Washington state, New York, Brazil, and India.
Senior executives are seeking reliable strategies to establish an all-encompassing data privacy compliance program. When it comes to CCPA compliance, here are the first three steps every organization can take toward a more certain future.
Step 1: Find out which third parties receive consumer information from your company.
In complying with CCPA, your ultimate goal is to not “sell” the personal information of consumers to other companies your organization does business with.
To that end, you’re on a mission to find out how all the covered businesses your company does business with, including service providers, vendors, and other third parties, use the personal data of consumers. That means reviewing all your existing contracts to locate and evaluate any and all clauses that concern the collection, use, or sale of private data.
Step 2: Update contract language to address CCPA compliance requirements.
Once you’ve identified all third parties that may share consumer data, consider how you will update their contracts to include language that addresses CCPA requirements. We discuss potential approaches in [Title of and link to CCPA Article 3].
The updated contract or amendment should state that the third party:
- Is prohibited from retaining, using, or disclosing personal information for any purpose other than the specific purpose(s) of performing the services specified in the contract for your business, or as otherwise permitted by the CCPA.
- Is instructed not to further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.
- Certifies that it understands these restrictions and will comply with them.
Step 3: Send your updated CCPA-compliant contracts to obtain new signatures.
Your updated contracts and formal amendments should be reviewed and signed by all parties. Most contracts today only ever exist in digital form, which means the technology you use to send, review, and e-sign contracts should provide a complete audit trail to show which parties formally signed the agreement and when.
Tackling Responsible CCPA Compliance with Contract Management Software
Full CCPA compliance involves more work beyond these three steps. But the faster you update your body of contracts to comply with CCPA, and the more reliable your processes are, the better you protect your client’s business from associated fines and potential class-action suits allowed under CCPA.
Many companies find contract management software like Parley Pro not just ideally suited for meeting data privacy challenges but downright necessary for responsible digital practices in contract management today. Read “Comply with CCPA: Contract Management Software for Confident Data Privacy” to learn what you may be missing without it.
DISCLAIMER: This article is for informational purposes only. It is not intended to be a substitute for professional legal advice. Parley Pro is not a law firm and cannot provide advice, explanation, opinion, or recommendation about legal rights, remedies, defenses, options, selection of forms, or strategies.