The California Consumer Protection Act gives consumers more rights related to their personal data and requires businesses to be more transparent about the way personal data is used and shared. The law applies to certain businesses that collect, use, receive or transmit the personal data of California consumers. Specifically, this law applies to for-profit businesses that do business in California and have annual gross revenues of over $25,000,000, buy, sell, or share the personal information of 50,000+ consumers per year, or derive 50% or more of their annual revenues from selling consumers’ personal information. The penalties for non-compliance vary depending on the entity issuing the penalty. If consumers pursue a private, class-action lawsuit, statutory damages could be between $1,000 and $3,000 or actual damages, whichever is greater. If the Attorney General issues fines for non-compliance, companies may be liable for paying fines up to $7,500 per violation. Additionally, in the event of a data breach, consumers can recover damages between $100-$750 per consumer per incident.
These penalties for non-compliance mean more and more businesses must find a way to demonstrate their compliance with this privacy law. Compliance with CCPA revolves around four components: consumer rights, privacy disclosure, vendor contract management, and reasonable security measures.
Checklist for CCPA Audits
An audit is one way to prove your business’ compliance with CCPA and commitment to data privacy. During this audit, a third-party auditor that specializes in privacy practices will verify that your business appropriately safeguards personal information. How can you prepare for a CCPA audit? Start with this checklist:
- Responding to Consumer Rights
- Required Disclosures
- Restrictions on Selling Personal Information
- Data Retention
- Reidentification of Personal Information
- Permitted Financial Incentives for Collecting, Selling and Deleting Personal Information
- Employee Training Related to Consumer Rights
- Third Party Oversight
- Duty to Implement and Maintain Reasonable Security Measures
- Breach Response
Interested in taking your privacy practices to the next level through a CCPA audit? KirkpatrickPrice’s team of privacy experts assess business’ protection of personal information and compliance with regulations like CCPA. Let’s plan your CCPA audit today!