By Martin Canwell, Senior Solutions Consultant, Aptean, looks at the steps businesses can take to ensure CCPA compliance
While the central purpose of the California Consumer Privacy Act (CCPA) is to give Californians more control over their personal information, the only way this will become a reality is if businesses are able to get to grips with the legislation, putting in place the right processes and procedures to guarantee the fundamental rights enshrined in the act. As with all new legislation, there’s a great deal of information for businesses to take on board, but, get it right from the outset, and CCPA compliance, something that since July 1st is enforceable by California’s Attorney General, will soon become just another everyday business process, albeit one that presents a real opportunity to boost customer trust.
As defined by the CCPA, alongside the need for businesses to publicize how consumers’ personal information is used, organizations need to enable consumers to exercise three specific rights: the Right to Know, the Right to Delete and the Right to Opt Out. For many, capturing and fulfilling these requests is a daunting prospect and it’s not unusual for firms who are facing new regulations to put up barriers to try and prevent an influx of cases that could swamp their teams, a strategy that can do more harm than good in the long term. In reality, with the right systems in place, it can actually entail little effort and cost to meet these new obligations while still providing optimum levels of customer service.
Take the Right to Opt Out, for example. Embedded links on websites can link straight back into a organization’s back office system, enabling customers to populate their own fields, checking their own opt-out boxes which ensures their information won’t be used by the business. Not only does this prevent potentially multiple interactions with the business’s front-line teams, but it puts the power directly into the hands of the customer, speeding up the entire opt-out process and mitigating against any errors that inevitably occur when more people and touchpoints are involved in a process. This seamless integration of front and back end systems streamlines workflows for the business while ensuring compliance with the California Consumer Privacy Act regulations.
When it comes to the Right to Delete and Right to Know, such requests can come into the business via multiple channels, and won’t always be readily identifiable as CCPA-specific requests. This is where flexible, agile and intelligent systems come into play. Systems that are able to handle multiple communication channels and help identify CCPA requests, guaranteeing alignment and consistency regarding how such requests are managed, logged and processed, regardless of how they arrive with the business.
Similarly, each request has underlying management process expectations, but the right system can identify the specific workflows to be followed to ensure the correct fulfilment of the request, assisting the end-user and speeding up the entire complaints management process. This can be something as straightforward as making sure the correct communications templates are made available, or diarizing reminders and follow-up tasks to ensure compliance within the mandated timescales.
That’s not to say that businesses need to invest in new systems solely to deal with the California Consumer Privacy Act regulations. Flexible case management systems can be adapted to facilitate the requirements that the CCPA outlines, with the ability to add new case types and associated workflows, as well as governance and timeline requirements, making them the ideal tool to manage CCPA requests. And, they offer the search and report capabilities that are so important when it comes to evidencing compliance, providing a vital audit trail to demonstrate watertight CCPA compliance if and when required.
While a major change for businesses, the CCPA need not be a major headache for your organization. With the right tools and processes in place, robust compliance can be achieved while fulfilling your obligations to consumers. Regarded by many as the tip of the iceberg when it comes to data protection legislation in the USA, the CCPA marks the starting point of a potentially long journey. By implementing scalable, flexible systems now, your business will be well placed for what comes next, stealing a march on the competition and ensuring excellent customer service in the process.