California Consumer Protection Act (CCPA) Compliance

Backbone Consultants’ team of Certified Information Privacy Professionals (CIPP) can guide your organization through the California Consumer Protect Act (CCPA) compliance process. CCPA applies to all business in the State of California, and/or businesses that collect or sell personal information on Californian persons, households, or devices. Organizations that fall in-scope of the CCPA and fail to meet the requirements outlined by the law, in effect January 2020, may be subject to considerable financial penalties.

Understanding if the CCPA applies to your organization, operational implementation, and demonstration of controls, are key areas Backbone Consultants expert team of professionals can help your organization navigate. With a focus on ‘right work right fit’, we will work to understand the unique challenges the CCPA introduces to your organization and provide leadership and direction for compliance. Readiness assessment, privacy impact analysis, and control implementation are additional services in-scope of our service offering. Additionally, our approach to CCPA compliance includes the following foundaitonal components:

Data Subject Access Request (DSAR): A process that provides consumers a minimum of two access request options. Your organization must respond to consumers in a defined time period and provide a full list of all points of data collection and sale to third parties. All individuals within your organization responsible for handling consumer inquires must receive training on how to help consumers exercise their rights under the CCPA and how to do so within their organization.

Request & Fulfilment of Data Erasure: Organization must be prepared to complete the erasure of applicable data as requested by the consumer within the mandatory time period. Ensuring a mapping of all applicable data will expedite the accuracy and completeness of this process.

Data Subject Consent (Opt In/Out): Organization must provide consumers the ability to easily and transparently opt-out, or in specific cases opt-in, to the sale of their data at the time of collection. This includes all publicly facing websites accessed by or hosted in the State of California.

The first step in compliance to the CCPA is to understand what and where your company collects and/or sells personal data. Mapping and inventory require expertise in various information systems and business processes. Help to navigate your organization's culture, risk appetite, and relationship to third parties are also core competencies of Backbone Consultants.

Backbone’s CCPA Compliance Services will help ensure your organization is meeting the privacy and security requirements outlined in this new US data protection framework. Let our Certified Information Privacy Professionals (CIPP) provide the expertise needed to design, build, and implement a sustainability strategy for your CCPA compliance program.