Recently California’s Consumer Privacy Act (CCPA) came into effect. It introduced a slew of new regulations, and if your company is in California or the US you need to be aware of them.
More specifically if you want to be ready for the CCPA, you should check these 10 key points:
- Fulfill its purpose
The purpose of the CCPA is to establish a set of standards and give consumers certain rights over how their personal information is collected and managed. Any data collection that you carry out needs to comply to this, including employee monitoring via WorkExaminer.
- Make sure it applies
The CCPA regulations apply to any business operating in California that fulfill certain criteria. If your business collects data from over 50,000 people, obtains half its income from selling consumer data, or has a revenue of over $25 million – the CCPA will apply to it.
- Don’t limit the location
As mentioned, technically the CCPA only applies to businesses operating in California – as it is a state law. However many tech companies are implementing it for all US-based customers, and you may want to consider doing the same.
- Meet data handling requirements
Under the CCPA, data handling has a significant requirements that you need to meet. Broadly speaking its goal is to ensure the privacy of personal information via the implementation of various initiatives.
- Provide opt-out of selling and sharing
The CCPA is very particular about selling or sharing personal information. If your business does either, it needs to give customers the right to opt-out of the sale or sharing of their personal data.
- Notice on scope of employee monitoring
If you’re company is engaging software in monitoring and other oversight activities, your employees need to be notified regarding its scope. The use of WorkExaminer to monitor employees and prevent data breaches falls under this bracket, and you need to define what data will be collected – and the reason behind it.
Keep in mind that WorkExaminer can collect many types of data including online activity, apps that are being run, keystrokes, screenshots, and more. For each type you need to have a reasonable explanation as to why it is important.
- Use technology to provide oversight while maintaining privacy
The key to CCPA compliance is to take into account the privacy of employees and how it is affected by monitoring or oversight activities. Technology can help on that front, and for example you could share the data WorkExaminer collects on employees with them – to provide transparency.
- Be aware of the consequences
After July 1st 2020, the California Attorney General will be able to pursue civil penalties against any company that does not comply with the CCPA. The penalties can be costly, ranging from $2,500 for each violation to $7,500 for intentional abuse.
- Prepare for the future
Although the CCPA is restricted to California, other states (and countries) are already drafting similar privacy laws. It is important that you prepare for them, complying with the CCPA is really just the first step.
- Protect your customers and employees
Don’t think of the CCPA as a regulation that is designed to get in your way. Instead, view it as one that will help you to protect your customers and employees by improving your data security. It will inspire and build trust – making it really an opportunity in disguise.
So how ready is your company for the CCPA? Whether or not it is affected by it, you should definitely take data privacy and security seriously – and protect your company, its employees, and your customers.