You might be saying, “I don’t live in California, I don’t have to understand the California Consumer Privacy Act (CCPA), and why is a company that does shredding in Minnesota writing about it?” It doesn’t seem like it would affect many Minnesotans, or non-Californians, but that’s not exactly true. Even non-Californians should understand how the new law that went into effect on January 1, 2020 could impact their data.
For Californians, the law seeks to regulate how companies handle residents’ data. Companies need to brush up on how they’re handling these four main areas the CCPA is stating they need to be more transparent about: Notification of personal information collection, Personal Information Sale Opt-out, Personal Information Removal, and Service Equality.
Yes, the law covers all Californians, but it also covers all companies that do business within the state that meet one or more of the following criteria:
- Make over $25 million in gross revenue
- Annually buy, receive, sell, or share the personal information of 50,000 or more consumers for commercial purposes
- Derive 50 percent or more of its annual revenues from selling consumers’ personal information
Experts are saying that California is the first state to make these mandates, but these other states aren’t far behind. Washington, Nevada, Massachusetts, and New York, are introducing their own privacy legislation.
If you work at an organization that meets one of the four criteria above, but you haven’t moved on being CCPA compliant, here are three steps you can take to get the ball rolling.
- Review your company’s current privacy policies:Understand what policies are already in place, how they are incorporated into day-to-day business operations, and what needs to be updated as to comply with the CCPA.
- Build your privacy team: Privacy impacts more departments than you might think. Legal, HR, Sales, procurement, business operations, and IT will all be affected. Put together a privacy task force team and consider hiring or appointing a seasoned privacy officer who can ensure you’re in throughout your organization.
- Make Privacy a priority across the organization: Insure everyone in your business knows their role in privacy compliance. Integrate privacy awareness into your workplace culture, training, and business operations. Develop policy on how teams react to requests from customers on their data and information, and determine how to respond on how your company collects data on your customers.
The landscape of data privacy is ever changing. Yes, we specialize in shredding and secure destruction, but feel that one of our goals should be helping you navigate it. As more states craft their own version of the CCPA, we’ll keep track of it and let you know how it could affect you or your business. Ultimately, the more you know about how your organization collects, stores and destroys its data, the easier it will be for your organization to adjust to new legislation if necessary. If you don’t know what’s happening with your company’s data, we can help you craft a plan. Click here to get a quote from us, and we’ll help you get a data destruction/shredding plan in place, now!