Nearly 92% of companies worldwide use a database to store information on a customer or a prospect.* You probably already know that the system you use to store all customer data must be in compliance with the CCPA. Here are some of the key areas you can improve to protect your data adequately.
1. Stop thinking of regulation as the enemy
Many experts say that the California Consumer Privacy Act (CCPA) is the first strong privacy regulation enacted within the United States. Like any new legislation, it can be very confusing at first sight. But once you understand it, you learn that it also provides several advantages.
Similarly to the EU General Data Protection Regulation (GDPR), the main goal of the CCPA was not to bully anyone, but to build greater trust among customers, ensuring thorough data privacy. If you comply with the CCPA, your company will be able to collect data accurately and your marketing strategies will be based on reliable data.
The CCPA is not just another irritating bureaucratic burden for your business – it actually helps you build a trustworthy relationship with customers. And trust remains a crucial commodity when it comes to business. So, try to think of it as a guide that prevents your customers from withholding their data or giving up on your company altogether.
You can start by establishing privacy portals where your customers can access their data and give their consent for the personalized services they find valuable. Or you can challenge yourself and make your privacy statement more readable or amuse your customers somehow to get their attention, as the number of people who read privacy statements in their entirety is still quite low.
2. Make sure that you and your colleagues understand the term “personal information”
Sounds odd or too basic? There is still a misunderstanding of this term among businesses; thus, it is essential to properly define what personal information is.
Today, each of us leaves data trails of our personal lives on the internet, similar to Hansel and Gretel laying a trail of breadcrumbs to find their way home – but anyone could use these breadcrumbs to monitor them.
The CCPA defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Clearly, we are talking about a broad category here. Personal information is not only contained in IBANs, IDs, emails and contact information. It can also be contained in data that might not seem personal at all. According to the CCPA, personal information includes a person’s behavior as a consumer, such as preferences, characteristics, psychological trends, attitudes or intelligence. These nuances should be part of effective training on the CCPA.
3. Ask for legal advice
The CCPA does not require you to hire an arbitrator to monitor whether you protect consumer rights at all costs. Nevertheless, if you have any doubts, don’t be afraid to ask for legal advice to ensure that your organization is on its way to fully comply with the CCPA.
You may not have any trouble implementing new processes into your business, but since the CCPA came into effect in January 2020, we have seen some delays in the finalization of the implementing regulations, and there are still some attachments to the CCPA ahead of us. After some additional revisions, the final regulations were approved in August 2020 by the Office of Administrative Law, but there may be further changes on the horizon. This is why it might be useful to ask for help.
4. Keep evidence of compliance
Sooner or later, you might be called upon to explain how your business deals with data. Do you really use customer data for the purpose it’s collected for? Good. And are you prepared to prove it to a legislator?
You should keep track of all data touchpoints, from collection to use. Try to implement data leak prevention technologies and processes that help your organization both reconcile information across systems and processes and build stronger auditing that can trace data trails. Do not forget about the data you store offline. This is especially important during any crisis that impacts the way you run your business, such as COVID-19.
5. Do not leave compliance with the CCPA to one department
Leaving the responsibility for compliance only to your IT department is not the right solution. The CCPA affects many different areas of business, and all of your employees should be provided with training in order to understand how the CCPA affects both them and customers.
If you have your own IT team, it is surely able to manage some of the key steps that lead to better compliance with the CCPA. But if your IT team has to manage everything, it may get overwhelmed. Your IT staff also needs to stay on top of patching, monitoring for threats and being ready to respond to any security incidents. Responsible employee behavior will go a long way toward relieving the burden on IT staff.
6. Beware of accidental spread of information about customers on the internet
Monitoring data leaks has brought a lot of surprising information. Even though customers’ details are often considered one of the most critical data assets – mainly in healthcare and the financial sector – businesses are still suffering leaks of sensitive data containing customers’ information, such as activation contracts and IDs.
This often happens due to negligence. Beyond that, this data is sometimes uploaded to public servers for free file sharing, where anyone can download it. And there are darknets, where the data could be sold, too. According to the CCPA, your customers have the right to know what data is collected on them and even to delete their data records. Make sure that you have taken sufficient security measures to keep this data safe against any breach.