A key part of complying with the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, is updating your privacy policy. In addition, you must make contacts aware of just what changes you made to this policy and how they affect them.
As a main tenet of the legislation, it’s imperative you get this initiative completed correctly and in full before the enforcement deadline of July 1, 2020.
Because updating your privacy policy and sending a consumer notice is so important for proper implementation of the CCPA, we’re covering the requirements you must follow to execute them. Checking these items off your compliance list will help make sure you’re in the clear with legislators and customers.
CCPA privacy policy requirements
If you’ve recently updated your privacy policy to meet the parameters of the General Data Protection Regulation (GDPR), you have a head start on making it compliant with the CCPA.
Although the rules share similarities, there are differences. And your privacy policy will have to be retooled to comply with the CCPA standards. According to the CCPA guidelines, privacy policies must inform consumers about:
The personal information categories the business has collected.
The intended use purposes for each category.
You must also include disclosures if you collect additional personal information categories or use collected personal information for unrelated purposes.
Companies must be diligent about identifying where their privacy policies live across their digital properties. Each and every one of these must be updated appropriately and consistently maintained.
In the fast-paced digital world, privacy policies that are most effective will be designed responsively so they can be viewed and accepted on any device. And keeping a detailed version history to track changes is a smart move, too.
CCPA consumer notice requirements
Not only do you have to publish an updated and fully CCPA-compliant privacy policy, but you also have to tell your contacts about it.
Under the CCPA regulation, this action is called “notice” and often takes the form of an email marketing message. It can also include short-form notices such as web forms, just-in-time pop-ups in mobile apps, and even cookie banners. The notice requirement is that “at or before the point of collection” companies reveal to consumers the categories of personal information the company collects and for what purpose the information is used by the company.
This includes personal information collected, disclosed, or sold. That means third parties involved with the business and the use of data also have to be revealed in the CCPA notice.
Most importantly, the notice should give consumers the opportunity to opt out of the sale of their personal data.
Automate CCPA compliance with technology
Implementing the CCPA requirements for privacy policies and notices can be a handful. But it doesn’t have to be this way.
Privacy management technology allows you to centrally update, host, and manage internal and external policies and notices across all digital assets. You can access libraries of CCPA-compliant privacy policy and notice templates, too.
In fact, technology automates the entire process so you can get back to what’s important.
OneTrust is an industry leader in privacy management software. To learn how it can help your business comply with the CCPA, visit OneTrust for CCPA or watch this webinar today.