5 Tips to help your CCPA strategy

With the new year upon us, it may be time to reevaluate your privacy protocols and procedures. Given the many challenges faced by companies in 2020 (and there were many), companies of all shapes and sizes either rushed their efforts to comply with the California Consumer Privacy Act (“CCPA”), or put those efforts on the back burner. If your New Year’s resolution is to get a better handle on your CCPA obligations, the five items listed below will put you on the right track.

1. Purge personal information without a business purpose

   Do you have consumer data from 10 years ago that you don’t use? Like that turquoise tuxedo that you wore to your high school prom, get rid of it! Reducing the volume of personal information that your business stores, a practice called data minimization, is the least costly thing that a business can do to comply with privacy regulations like CCPA. Data minimization mitigates the exposure in a data breach, reduces the work to establish and maintain a privacy program and minimizes the work of responding to data subject access requests. 

2. Review your security practices and procedures

   Privacy laws like CCPA require companies to implement “reasonable” security practices and procedures, based on the size and scope of the organization, so that the personal information of residents is protected. The term “reasonable” will be different for Silicon Valley titans than what it means for smaller operations, but in general your company must implement administrative, technical and physical safeguards that align with your operations.
   
   

3. Update your privacy policy
   
   

   CCPA requires businesses to provide a publicly-available (e.g. on your website) privacy policy that can be read and understood by consumers. The policy should include certain items such as the type(s) of information collected by your company, why it is being collected, who you’re sharing it with, and consumer rights available to users. You should include a link on your website landing page to the privacy policy, and make sure that you’re updating it at least once every twelve (12) months to stay compliant. 

4. Leverage third-party technologies

   
   It’s unlikely that data privacy is your business, but it’s ours! A number of tools exist in the marketplace that can provide an out-of-the-box data privacy program to enable you to focus on the day-to-day operations of your business.

5. Prepare for the future

Unfortunately, there is no “one-size-fits-all” approach to data privacy compliance. Laws across the country and the globe are being implemented and updated regularly, and it’s hard to keep up. As internal and external change occurs, businesses need to update their privacy and security programs accordingly. 

How Can Clym Help?

Clym believes in striking a balance between legal compliance and business needs, which is why we provide a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws, including those in the UK, as they come online. Our platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.