What does the CCPA have to do with Policies & Procedures?
Compliance with CCPA is entwined with how you do business. Your business operations (the “how and what”) directly link to company policy, controls, processes: policies and procedures. You could say that the CCPA has everything to do with policies and procedures. Which is why you need to update yours – yesterday. Not convinced?
Let’s go back to a post I wrote last year on Who Needs to Comply with CCPA. There were three questions to consider:
- Does your business’s worldwide annual gross revenues meet or exceed $25 million?
- Do you annually touch the personal information of 50,000 or more California residents? Their households? Or their devices?
- Does half or more of your annual revenue come from selling the personal information of California residents?
Be mindful that your answers to these questions could be “No” yet you could remain subject to the CCPA. Because it all has to do with understanding exactly what the law means by “personal information” and “touching” personal information. It also means you need to know how many of your website’s visitors are California residents. Because those little things like an IP address? That may well be considered “touching” personal information. The law is that picky.
Once you understand the definitions of all those things, you’ll want to revisit your company’s policies and procedures. See if they take into account all the permutations and interpretations that they should. You’ll likely have legal counsel involved. The penalties of non-compliance are big.
Remember, your policies and procedures need to say what you will do, not just what you can do. It’s like the video short on our P&P page says “If you say it, do it. If you do it, write it down.” Policies and procedures underpin how your business operates. It’s how you mean to go forward once the technology is aligned with all of the regulatory intricacies. It shows how and what you’ll train your workforce to do.
Not sure where to start? We can help. Whether you’re updating current policies and procedures, or you’ve never finished the ones you have. Give us a call at 503-384-2538 to get things moving.