Ensure Your Business Complies with California Privacy Law: Practical Tips for Handling Privacy Rights Requests

Contributors: Jason de Klerk & Isabel Fernández del Campo Aguiló

If you’re running a business that operates or processes the personal information of California residents, it’s important to understand whether the California Consumer Privacy Act (CCPA) applies to your company, and, if it does, what your obligations are under the act.  This post provides valuable insights and tips for companies to ensure compliance with their consumer privacy rights obligations under the CCPA.

The CCPA gives Californians several rights, such as the right to be informed (often through a compliant privacy notice and notices at collection), the right to know what personal information is collected and why, the right to have personal information deleted, the right to have inaccurate personal information corrected, the right not to be discriminated against for exercising their privacy rights, the right to limit the use and disclosure of sensitive personal information, and the right to opt out of the sale or sharing of personal information. 

Here are some practical tips to help you avoid fines and ensure that you respect the privacy of the individuals whose personal information you handle:

  1. Know the personal information you handle: Identify all personal data you collect, process, store, and share by creating a data map or inventory.
  2. Have a clear, accurate and complete privacy notice: Make sure your privacy notice complies with the requirements of the CCPA and clearly states how you collect, use, disclose, and protect personal information in an easy-to-understand way. 
  3. Set up mechanisms for individuals to submit their privacy requests to your company: If an individual wants you to delete, correct, or limit how you use their personal information, they need a way to submit such requests to you. This could include setting up a toll-free number, a web form, or an email address. You will need a process to verify their identity, and the authority of their authorized agents.
  4. Ensure proper handling of privacy rights requests: Set up a process for properly responding to privacy rights requests within the statutory time limits (normally, 10 or 45 days). The best way to do this is by creating internal policies that set out how to process each type of request, including how to verify the identity and authority of the requestors, and by training your employees on those policies.
  5. Contractually oblige your service providers to assist you with privacy rights requests: Have agreements in place with the vendors to which you disclose personal information that require those vendors to forward privacy rights requests to you, to respond to requests only in accordance with your instructions, and to help you obtain, correct, and delete the personal information the requests relate to.

Protecting consumers’ privacy and meeting your CCPA obligations (such as your consumer privacy rights obligations) is critical for building and maintaining trust in your business. Don’t let the complexity of the task hold you back. Let VeraSafe’s team of privacy law and IT professionals simplify the process for you by ensuring that you have the necessary policies, notices, and procedures in place, and even handling your consumer privacy rights requests on your behalf. Engaging VeraSafe will allow you to focus on what you do best – running your business. Take a step towards CCPA compliance and peace of mind by learning more about our CCPA Compliance Service, and contact us today to get started.