Only two percent of respondents to a survey on CCPA preparedness by the International Association of Privacy Professionals this summer said they felt completely ready for the new rules. On a scale of one to 10, the average level of readiness for respondents was 5.27—up from 4.75 when the survey was first conducted earlier in 2019, but still a long way from perfect.
Non-compliance will become pricey: when enforcement actions begin on July 1, 2020, the California Attorney General will be able to seek civil penalties of $2,500 per violation. AdLawAccess.com offers ideas creating a plan to get your organization ready for CCPA.
Make it clear: On your site, post notices in transparent, straightforward messaging addressing CCPA in language that a consumer would actually understand. Vet your privacy policies to make sure they accurately represent your company’s practices and don’t contain false or deceptive statements. And, include simple and easy to find directions on how consumers can submit requests to opt out of the sale of personal information.
You May Also Enjoy:
- CCPA: Consider It A Blessing, Not a Burden
- Declining Consumer Confidence and Privacy Regs Concern Marketers
- GDPR: 3 Tips for Compliance
Make protecting personal information a priority: Insure that your company is in compliance with industry standard practices. This includes reviewing software and hardware connected to a network; limiting user and admin privileges; assessing system vulnerabilities; defending against malware; providing proper security training for employees and vendors; and having a response plan in place if there is a security breach. Documenting these efforts is crucial, notes AdLawAccess. “Being able to demonstrate that it followed these controls, and how, will be a critical part of a company’s defense.”
Know how CCPA will impact your digital advertising plan: Under the new rules, companies need to look at how they use data for interest based advertising and retargeting. Publishers may be considered to have “sold” personal information if they pass along certain types of data to partner firms, depending on their relationship with the partner company and how the partner uses the data. “For partners that are not intuitively service providers or obvious recipients of data sales,” says AdLawAccess, “more analysis and industry benchmarking on interpretations are likely warranted.”
Also, if you’re working with a vendor to place cookies or tags on your site, make sure these activities are cataloged, so you know to what extent they might represent the potential “sale” of personal information.