Are You Prepared for the California Consumer Privacy Act (CCPA)?
Let's face it, nobody likes change. But change is here… and it's a big one. On January 1, 2020, the new California Consumer Privacy Act (CCPA) went into effect — changing how businesses view consumer data privacy and the security of their networks.
How does the CCPA impact consumers and businesses?
The CCPA gives consumers new rights to their Personal Information (PI). It requires businesses to be more transparent by disclosing to consumers how they collect, use and share their PI — and respond to data access, opt-out of sale and deletion requests.
Does the CCPA affect my business?
The CCPA applies to any business in California that collects PI Of California consumers and meets any of these thresholds:
- Annual gross revenue equal to or greater than $25 million.
- Buys, receives, sells, or shares PI of 50,000 or more consumers, households, or devices.
- Makes 50 percent or more of its annual revenues from selling PI.
What are the new consumer rights?
The CCPA empowers consumers with the right to:
- Know what PI you are collecting, using, sharing or selling.
- Delete their PI that you have.
- Request that you not sell their PI to third parties.
- Receive the same services and pricing as someone who has not exercised their privacy rights.
What are the obligations for dealerships?
Here are some examples of dealerships' obligations under the CCPA:
- Provide notice to consumers at or before data collection.
- Create procedures to respond to consumer requests to opt out of sale, know and delete their PI.
- Respond to consumer requests to know, delete, and opt out of sale within 45 days (which may be extended for an additional 45 days).
- Verify the identity of the consumer who requests to know and delete their PI, whether they have a password-protected account or not.
- Maintain records of requests and how they responded.
If our dealership is affected, what is our next step?
Your first step is to understand how the CCPA will affect your business and establish a comprehensive compliance program with your legal and/or advisory team(s).
Here are some questions to ask yourself as you prepare:
- Do I know where our customers' PI is stored?
- How will we verify, accept and respond to consumer requests such as opt out, know or delete?
- Is our privacy notice updated to fulfill disclosure obligations?
- Do we have the required "Do Not Sell My Info" link on our websites?
- How strong and secure is our network security?
- Will our vendors work with us in responding to consumer requests?
Read more on how CDK Global is helping dealers in their CCPA compliance efforts.
The information provided in this document regarding the CCPA is for informational purposes and is not intended as legal advice.