CCPA Checklist: Distilled and Digestible

The California Consumer Privacy Act explicitly lays out a set of guidelines that are required for compliance. We’ve put together a comprehensive suggested checklist to reference as you venture on your CCPA compliance journey. Let’s start by reviewing the requirements.

CCPA Requirements

  • Provide access to individual consumer’s data when requested
  • Provide data in an easy to access format
  • Ability to opt out of the sale of personal data, in a way that is easy to find and to access
  • Option to opt-out of selling personal data to third parties
  • Option to erase all personal data that is on file (with exceptions)
  • If a consumer opts out, they still have rights to equal services and prices as those who opt in
  • In the event of a breach, individuals have the right to file a suit that can result in the individual being paid as much as $750 (each)
  • If you violate this act, there are monetary penalties that will be enforced

For more information on CCPA in general and whether you need to comply, check out this article.

More On Identity Verification for CCPA, Because That’s Our Jam

Identity verification is an integral part of the CCPA compliance workflow because the more confidence you have in who you are providing sensitive personal data to, the safer you are from lawsuits. Very important if you don’t want to start writing checks for $750 a pop for each personal lawsuit filed due to breaches or info sharing mistakes.

We already know what you are thinking: adding another step to the already arduous and complicated process will be really annoying for our end-users. Wrong. Identity verification should seamlessly integrate with your existing digital workflow – if it doesn’t, consider a different solution. Also, it’s a necessary step for CCPA compliance so shortcuts won’t work here.

Part of what makes identity verification seamless is providing policies for different levels of authentication and assurance that work for your flow. With us, you can do anything from a simple telecom ping all the way up to the highest assurance to meet NIST 800-63-3 standards. Whatever your needs are, we’ve got it, and it will be seamless.

No New Accounts

Because the CCPA law states that you can’t require your end-users to create an account to make these requests, you need a solution that has options. We can facilitate that. There are three types of end-users that will enter the CCPA flow: account creators, one and done, and existing users.

  • Account creators are those who like to invest time now to save time in the future. They will create an account and verify through your workflow so that they can securely log in in the future wherever our solution is implemented.
  • The one and done folks are going to do the least amount possible to get through the CCPA workflow to get the information they are after and won’t create an account.
  • Existing users know us and love us. They have already created an account with us – all they have to do is log in. It’s called an interoperable login. A mouthful, we know. All it means is that they previously created an account on another site but their login works on yours too. Just click our button and log in. By the way, we already have over 4 million users in California.

Data privacy and security is our new normal. You’d do yourself a favor to act now. We can help. We’ve immersed ourselves in all things CCPA and we’d be happy to help you unpack what you need.