CCPA Compliance Checklist: 7-Week Countdown

With the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020, we’ve put together a CCPA Countdown Checklist for organizations to follow.

Last week, we discussed #3 off of our checklist about informing visitors about information that is collected when they visit a website.

This week, we’ll review #4 off the CCPA compliance checklist.

CCPA Compliance Checklist

1. Understand what the CCPA is and if it applies to you
2. Determine what data is collected from California consumers and for what purposes they are used 
3. Inform visitors what personal information is collected when visiting your website
4. Offer an online form for consumers to access, request deletion, or opt out of sales of their personal information  
5. Add a “Do Not Sell My Personal Information” link to your website’s homepage and privacy policy
6. Create a toll-free number for consumers to make consumer rights’ requests over the phone  
7. Maintain detailed, ongoing consent records for compliance   
8. Develop a process to respond to consumer requests within 45 days from when the request was made  
9. Obtain opt-in consent from children between ages 13-16 to sell their information; a parent of legal guardian required to opt in on behalf of children under 13 years old  
10. Provide consumers who exercise their privacy rights the same products and service quality

CCPA Consumer Rights Related to Intaking Requests

Under CCPA, consumers have the right to access, right to opt-out and right to delete. These can all be addressed by using consumer request management tool.

Right to Access

Right to Opt Out

Right to Delete

Right to Access

Consumers have the right to request access to personal information that a business has stored about them, and the business is required to provide details about the information that was collected.

Right to Opt Out

Consumers have the right to opt out of the sale of their personal information to a third party. Businesses that are subject to CCPA will be required to insert a Do Not Sell link on their homepage — as well as in their privacy policy — that leads to an opt-out page for consumers.

Right to Delete

Consumers can request to have their personal information deleted, and businesses must comply with their requests. Under the CCPA, personal information includes information such as name, postal address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

How CookiePro Helps

With CookiePro’s Consumer & Subject Requests module, website owners are able to create branded intake forms that automate consumer requests from intake to fulfillment.

• Build a CCPA-specific request intake web form linked directly from your company’s website using customizable settings and multiple languages.
• Enable website visitors opt out out of the sale of their personal information and opt back in after 12 months through a clear and conspicuous link on your website.
• Provide a custom toll-free number to automatically intake consumer requests via phone.
• Centralize all consumer access requests into a single queue to demonstrate compliance.
• Define an automated triage workflow for fulfilling requests within 45 days.
• Track consumer opt-outs and leverage built-in integrations to relay the information to your existing systems.
• Sync verifiable consumer consent across systems to avoid the unauthorized sale of data.
• Transmit a notification to a data subject to protect the communications and information being provided.