
What to Do About CCPA: Your First 3 Steps to Data Privacy Compliance

The California Consumer Privacy Act (CCPA), effective January 1, 2020, regulates the collection and use of consumers’ personal data. It is similar to the EU’s General Data Protection Regulation (GDPR), which puts data privacy on the radar for the first time for many companies. Additional privacy regulations or standards continue to pop up all over the world, including in Washington state, New York, Brazil, and India.

General Data Protection Regulation and California Consumer Privacy Act Summary

A few of the main differences between the GDPR and CCPA requirements include:

Who is protected

While the GDPR covers all data subjects regardless of where they live or their citizenship status, the CCPA only covers individuals who legally reside in California.

Types of information protected

The GDPR applies to the processing of any personal data, regardless of its purpose or how it is processed.

The CCPA, on the other hand, is a little more specific about what types of data are protected.

While the GDPR requires businesses to obtain user consent with “opt-in” choices before accessing any of their data, the CCPA only requires businesses to provide an “opt-out” option when user information is actively sold or shared.

The information that data subjects must receive

Both the GDPR and the CCPA include the following provisions to encourage greater transparency in how data is handled:

the data sharing methods, the objectives for which their data is being processed, the rights that persons have regarding their data, and how they can contact a relevant data protection officer if they so choose.

Non-compliance penalties

Fines for non-compliance or data leaks under the GDPR can be as much as €20 million or 4% of the breaching company’s global profit from the preceding fiscal year.

The CCPA differs from the GDPR because non-compliance isn’t deemed sufficient grounds for a fine. Instead, sanctions are imposed only after a data breach has occurred.

Senior executives are seeking reliable strategies to establish an all-encompassing data privacy compliance program. When it comes to CCPA compliance, here are the first three steps every organization can take toward a more certain future.

Steps to CCPA Compliance

Step 1: Find out which third parties receive consumer information from your company.

In complying with CCPA, your ultimate goal is to not “sell” the personal information of consumers to other companies your organization does business with. 

To that end, you’re on a mission to find out how all the covered businesses your company does business with, including service providers, vendors, and other third parties, use the personal data of consumers. That means reviewing all your existing contracts to locate and evaluate any and all clauses that concern the collection, use, or sale of private data. 

Step 2: Update contract language to address CCPA Compliance requirements.

Once you’ve identified all third parties that may share consumer data, consider how you will update their contracts to include language that addresses CCPA requirements. We discuss potential approaches in [Title of and link to CCPA Article 3].

The updated contract or amendment should state that the third party: 

  1. Is prohibited from retaining, using, or disclosing personal information for any purpose other than the specific purpose(s) of performing the services specified in the contract for your business, or as otherwise permitted by the CCPA.
  2. Is instructed not to further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.
  3. Certifies that it understands these restrictions and will comply with them.

Step 3: Send your updated CCPA-compliant contracts to obtain new signatures.

Your updated contracts and formal amendments should be reviewed and signed by all parties. Most contracts today only ever exist in digital form, which means the technology you use to send, review, and e-sign contracts should provide a complete audit trail to show which parties formally signed the agreement and when. 

Tackling Responsible CCPA Compliance with Contract Management Software

Full CCPA compliance involves more work beyond these three steps. But the faster you update your body of contracts to comply with CCPA, and the more reliable your processes are, the better you protect your client’s business from associated fines and potential class-action suits allowed under CCPA. 

Many companies find contract management software like Parley Pro not just ideally suited for meeting data privacy challenges but downright necessary for responsible digital practices in contract management today. Read Comply with CCPA: Contract Management Software for Confident Data Privacy to learn what you may be missing without it.

DISCLAIMER: This article is for informational purposes only. It is not intended to be a substitute for professional legal advice. Parley Pro is not a law firm and cannot provide advice, explanation, opinion, or recommendation about legal rights, remedies, defenses, options, selection of forms, or strategies.

Contract management platform features to help you meet CCPA requirements

California’s new data privacy act has many requirements that could spell trouble for companies without sufficient data protection safeguards in place. If you lack proper security measures, a robust contract management solution will make it easy for you to meet the CCPA contract requirements.

You can improve your security compliance with the following contract management features:

Data encryption

When your data is encrypted, unauthorized users can’t read your confidential contract data. Look for a contract management system that encrypts all data in transit and at rest. Data in transit is any data sent between your contract management system and an external user or application. Data at rest is any data stored within your contract management system.

Cloud-based storage

Businesses frequently store their contracts in shared folders across many locations, leaving them vulnerable to security threats. One of the most important steps towards improved security is centralizing your agreements in a password-protected, cloud-based repository. This will significantly limit the chance of your sensitive data being accessed by malicious individuals.

Vulnerability testing

Audits and external tests can reveal security problems that malicious actors are likely to target. To limit the chance of a breach, choose a software company that performs vulnerability tests at least once a year, if not more frequently.

About Parley Pro

Parley Pro helps businesses get more from their contracts by transforming them into strategic, digital assets — giving them the tools to create, negotiate, manage, automate, and optimize contracts to streamline business objectives, maximize revenue and reduce risk.
