Since the introduction of the California Privacy Act, workplaces have gone through many adjustments.
By modifying the way businesses can handle customers’ and users’ data, the entire working process has changed.
Thus, in order to comply with this regulation, you’ll need to re-organize the way you and your staff run the business.
Educating your employees about the changes is one of the first steps to take. This way, you and your team will manage users’ personal information properly and effectively, keeping you safe from potential fines.
This article will provide you with four tips on making sure your employees understand the California Privacy Act.
Let’s get to it.
What is the CCPA?
The California Privacy Act, introduced in 2018, is a rigorous set of data protection laws that regulate how companies and other organizations may handle the personal information and data of California residents.
Personal information (PI) under the CCPA includes:
- Direct identifiers (e.g., name and address)
- Unique identifiers (for instance, cookies and account names)
- Biometric data (such as facial images or fingerprint data)
- Geolocation data (e.g., location history)
- Sensitive information (e.g., health data)
- Internet activity (such as search and browsing history)
- Commercial information (such as products and services purchased)
Which Businesses Must Comply with the CCPA?
If your company falls within the CCPA’s definition of a business, you must comply with it. To be considered a business, a company must meet three major components:
- A company operating in California that is for-profit
- That collects personal information from consumers
- That meets at least one of the following threshold requirements:
  - Gross revenues exceeding $25 million annually
  - Buying, selling, sharing, or receiving the personal information of at least 50,000 consumers, households, or devices per year
  - Deriving at least 50% of its revenues from selling consumers’ personal information
The regulation also applies to businesses outside of California and even outside of the United States that collect personal information from Californians while they’re in California.
Consumer rights under the CCPA you and your employees need to be aware of
The California Consumer Protection Act grants consumers four categories of rights that you and your employees must absolutely know.
Here are all the most relevant rights:
Right to know about the personal information your business collects
First and foremost, customers have a right to know what types of data your business collects, why you need to collect it, how you will use it, and if you will share it with third parties.
Customers must also have the right to access the personal data you hold about them.
Right to reject the sale of their personal information
All customers have the right to refuse to have their personal data sold to third parties for any reason.
Thus, you must ask for their consent before selling any of the information you collected.
In addition, if customers object to the sale of their data, you cannot ask them for their consent again for at least 12 months after the day they object.
Right to non-discrimination for exercising their CCPA rights
Customers have a right to non-discrimination as well. You cannot discriminate against customers who refuse to let their data be marketed.
Discrimination can take the form of:
- Refusing to provide services
- Delivering goods or services of lesser quality
- Giving discounts or other incentives to customers merely for consenting to the marketing of their data
Right to delete personal information collected from them
Also, customers have the right to deletion, or the right to be forgotten. They can, in other words, request that you delete all the data they provided you at any time.
Why it is important to make sure your employees understand the California Privacy Act
There are many reasons that explain why it is important to make sure that your employees understand and comply with the California Privacy Act.
Below you’ll find some of the most relevant.
Stay away from fines
There are heavy fines for those companies or organizations that don’t comply with the California Privacy Act. Fines include:
- Intentional violations. If your company or organization doesn’t take any step to cure or fix a violation of CCPA, then this would be considered an intentional violation. These violations carry fines of up to $7,500 per violation.
- Non-intentional violations. Your company can face a non-intentional violation when it is unable to provide data security measures to users and customers. Such violations could cost your business up to $2,500 for each violation of the CCPA requirements.
Increase the trust of users and customers
Data-privacy regulations, such as the CCPA and GDPR, have made users and customers more aware of the importance of protecting their personal data.
Thus, their interest in how a company or organization will use their data is increasing. They want to control what is done with their data and to manage it freely.
As a result, by complying with the CCPA, letting your customers and users know about it, and giving them the option to request their private information, you can build a lot of trust and look professional.
Thus, the certification of CCPA compliance will serve this purpose very well.
Establish a professional brand’s legitimacy
In the early stages of its introduction, every customer thought the CCPA was only for large companies. The reason for this is that customers tend to associate big data and privacy with large organizations that handle a significant amount of personal information.
As you may already know, however, the regulation also affects small businesses.
Despite this, customers and users still hold on to that association.
You can use this perception to your advantage. In particular, you can get CCPA certification at a minimal cost, and by showing it to users, you will be able to associate your business with major corporations, enhancing your brand’s credibility and legitimacy.
4 ways to make your staff aware of CCPA
There are a variety of ways to ensure your staff is aware of CCPA and that your business is fully compliant.
Below you will find a list of the four most important methods.
- Provide necessary information
To make your employees understand the CCPA, you first need to provide them with all the necessary information.
To do this, you can write your policies in a document kept in online data storage that is accessible to all your staff, and to users as well.
Before distributing the policies to your team, make sure they fully comply with the CCPA.
After you have created this document, make sure that all employees have acknowledged it.
You can use a system to keep track of who has opened documents and ask employees what they have read and understood. Alternatively, you can send a notification by email or instant message and request a response once completed.
- Train your employees for the implementation of the CCPA
By training your employees frequently, you can avoid potential data breaches.
To ensure that your organization or company complies with the CCPA, make sure that your employees have all the tools they need. For example, handy flow charts can help identify what they need to do.
Likewise, you can develop an online training program with learning paths that guide your employees through videos, policies, and courses.
Make these resources accessible at any time. This way, employees can resolve their doubts right away.
- Implement a reorganization of certain processes
Given the CCPA’s significant changes to how users’ information must be handled, you’ll need new processes to support the new policies.
For instance, you’ll need to assign additional responsibilities to some of your employees.
So that these employees understand their additional responsibilities, you can create a straightforward document that states clearly how your company should collect, manage, and delete data.
Moreover, you could prepare individual, personalized documents for those taking on extra duties.
- Consider the use of automation technology
Technology that automates processes and actions is now extremely valuable: it alerts those responsible to carry out their tasks in the chain, confirms that they have completed them, and alerts the next person to carry out their task.
A simple tool would be a project builder that creates a list of ordered tasks and assigns them to certain team members.
By doing so, you will ensure your employees are following your policies and complying with the CCPA.
Furthermore, you can automate the process of ensuring that your website is compliant. For example, Osano is a data-privacy platform that automatically scans your website, finds all cookies, monitors all of your vendors’ privacy practices, and then enables compliance with the CCPA.
We’re finally at the end of this article about four tips on making sure your employees understand the California Privacy Act.
There are many advantages to preparing your staff for the changes, including avoiding heavy fines and improving your brand’s credibility.
Thus, it is worth it to inform and train your employees to comply with all the regulations, even if this will require a little extra cost or investment.
If you want to learn more, check out Osano’s blog. There, you’ll find in-depth articles and guides on the topic.