Creating a CCPA-compliant privacy policy and other required notices will take advantage of all the work you’ve done in the previous steps, effectively translating your data map into a public document. Use the following checklist to make sure your privacy notices meet the CCPA’s requirements.
Most businesses already have a privacy policy; this is a good time to make any necessary updates based on your CCPA preparations.
This will be an addition to your business’s current policy, with everything needed to meet the CCPA’s notice requirements.
Consumers have a right to know, right to delete, right to opt out, and right to non-discrimination.
Different requests must be verified to different degrees based on the personal information involved. The CCPA addendum should cover these verification procedures.
Consumers may make privacy requests through an authorized agent, though the business may also need to verify their permission to act on the consumer’s behalf.
Refer to your business's data map.
Refer to your business's data map.
Refer to your business's data map.
Your business will need to create a data retention policy.
Refer to your business's data map.
These contact methods should reflect the means by which a business normally interacts with consumers. For example, a business that mostly interacts with consumers online must provide at least one online contact method.
Employees and job applicants have the same rights as anyone else, so you'll need to include privacy disclosures in application and employment paperwork.
Businesses that sell or share consumers’ personal information must provide a “Do Not Sell or Share My Personal Information” link on their homepage. The link must lead to either a separate web page or a section of the privacy policy that informs consumers of the selling/sharing practices and their opt-out rights.
Though businesses may not discriminate against consumers who exercise their CCPA rights, in some circumstances they may offer financial incentives to consumers for opting in to the sale or sharing of their personal information. If they do so, they must provide an additional notice that covers the details of those incentives.
Businesses that annually buy, sell, share, or receive the personal information of 10 million or more consumers must compile and disclose additional data in their privacy policy.
If your business has knowledge that it sells or shares the personal information of consumers under the age of 16, it must make additional disclosures regarding the special rules for obtaining their consent.
If a business collects and uses personal information at its physical store locations, it must disclose this in its online privacy policy, provide a notice at the point of collection, and designate a toll-free number for making CCPA privacy requests.
Links to the privacy policy should be placed at every point where personal information is collected.
Your business’s privacy policy is the most conspicuous expression of CCPA compliance, so it’s important to get it right. TrueVault takes all the necessary information from your business’s data map and instantly generates all the required CCPA privacy notices.
Contact our team to learn how TrueVault can streamline your CCPA compliance.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.
2022 © All Rights Reserved.