Are you CCPA Compliant?
The enforcement of the California Consumer Privacy Act (CCPA) set to begin July 1, 2020 remains on track. With this date quickly approaching, it’s important to put in place the necessary measures to be in compliance. While many aspects of your business may be subject to the new regulation, none are likely to be more susceptible to external scrutiny by consumers, activists, and authorities than your website.
Here’s a look at five highly visible features that must be present on your website to comply with the California Consumer Privacy Act CCPA:
1. CCPA Consumer Rights Description
3. Data Collection Notice
Your website needs to provide notification to California consumers “at or before” the point of collection of the categories of data to be collected as well as the business purpose for collecting that data. A link to this notice should appear on every page where consumer data is collected and be formatted in a way that attracts the attention of California consumers. When clicked, the ‘Notice at Collection’ that appears should be written using common, non-technical language to ensure the consumer clearly understands what data will be collected and how it will be used. The notice should also advise consumers that no other types of data other than those disclosed in the notice will be collected and the collected data won’t be used for any other purposes than those disclosed.
4. Consumer Rights Request Webform
Your website needs to contain an interactive webform to enable Californians to exercise the rights granted to them under the CCPA. These include the right to request:
- A portable copy of their data (‘Right to Access’)
- Personal data be deleted (‘Right to Delete’)
- Personal data not be sold (‘Right to Opt-Out’)
5. “Do Not Sell My Personal Information” Link
While the absence of any of the above will draw the attention of the regulators, their presence doesn’t guarantee CCPA compliance. The proposed regulations have plenty of details to consider when implementing these features. Best practice is to always review the actual regulations with your legal and compliance teams when planning your CCPA website implementation or enhancement projects.
How Covestic Can Help
At Covestic, our Governance, Risk, and Compliance (GRC) team is well-versed in consumer privacy and data protection requirements. Whether your organization needs to comply with CCPA, GDPR, or similar privacy regulations, we have the regulatory compliance expertise as well as the deep ServiceNow platform experience needed to ensure your compliance solution is not only effective but also highly-efficient and scalable. We can help accelerate your time to compliance and ensure that your ServiceNow solution remains continually compliant and regulator-ready as consumer privacy laws continue to emerge both domestically and internationally.
For more information, please check out our recent webinar Achieving CCPA Compliance with ServiceNow and Covestic or email us at firstname.lastname@example.org.
About the Author
Mike DeAndrea, GRC Practitioner and Advisory Solution Architect, Covestic
With more than 20 years of applied expertise in Governance, Risk, and Compliance, Mike helps Covestic customers understand how they can leverage the power of ServiceNow to meet their regulatory compliance needs in the shortest time. Mike has extensive experience both as a practitioner and a consultant. As a practitioner, he managed the compliance efforts of a large enterprise-wide IT operations department of a multi-billion-dollar, multi-national company for several years. As a consultant, Mike has been helping high-profile customers deploy GRC solutions in ServiceNow for over five years. He maintains a number of ServiceNow and industry certifications, and specializes in designing compliance solutions that are not only effective but also highly efficient, that minimize the time to value, and that drive down the cost, burden, and impact of compliance on your organization. Connect with Mike on LinkedIn.