Table Stakes for CCPA’s Do Not Sell Requirement: What You Need on Day One
CCPA’s (California Consumer Privacy Act) primary objective is giving people the ability to exercise their privacy rights, in particular, the right to opt-out of the sale of their personal information. To demonstrate that you understand their concerns, your objective for January 1 should prioritize your company’s privacy interactions with consumers. You can make huge strides in a matter of days.
Take a breath… it’s not too late to get ready for CCPA! Focus on the big-picture goals of the law and you’ll be in great shape. Here’s what you need to do—at a bare minimum—to get ready for CCPA requirements that go into effect on January 1, 2020.
First step: Get your website ready
Your website should show consumers that you’re making an honest effort to respect their data privacy rights. Every page of your website must provide an easy way for consumers to:
- See your privacy policies so they understand how you collect and use personal data
- Opt-out of the sale of their personal information via a link that states “Do Not Sell My Personal Information” or “Do Not Sell My Info”
- Request all of the info you have on them and/or request that you delete all of that info
You can address these requirements by adding a link in your website footer to a privacy page with basic information and functionality. It’s an easy way of showing that you take consumer privacy seriously. If your website doesn’t include at least the basics, it could be a red flag for regulators.
Second step: Take consumer requests
Make sure you can accept a consumer’s request and assure them that you’re processing it securely. You can use a web form that captures their info and an auto-reply message with details about what they should expect as the next steps.
If your company has an offline presence, CCPA also requires that you provide a phone number for consumers to submit requests. The experience on the phone should mirror the online experience and reflect your brand’s consumer-focused attitude toward privacy.
Third step: Record consumer requests
Once you’ve taken a request, make sure you record it somewhere your team can view it internally, monitor the fulfillment process, and demonstrate that you’re securely handling the data. Acting on data requests requires careful coordination among different departments and data stacks. The better you are at recording and tracking from day one, the easier it’ll be to mature your data privacy program throughout 2020.
What about delivery? When is the first time I would need to produce information for CCPA?
Although you need to have the ability to take a request on day one, you don’t need to fulfill it immediately. You have 45 days after you receive a verified request to complete it. If you’re unable to do so within 45 days, CCPA allows you to contact the consumer to let them know you need an additional 45 days. So, if you were to receive a request on January 1, 2020, you’d have until February 14, 2020, to fulfill the request. And honoring a privacy request makes for a very thoughtful Valentine’s Day gift.
Get moving now!
Taking these simple steps today will pay off for your brand in the long run. Remember that it’s not just about checking the box for compliance. These requests are coming from humans. By honoring their privacy wishes, you’re showing that your company values them as current or future customers.
How WireWheel can help
Whether you’re working to meet CCPA requirements or any other privacy mandate now or in the future, building your privacy operations on a suite of privacy solutions will give you the visibility and control you need to be successful.