Have You Done Your Annual CCPA Housekeeping?February 19, 2021
- Are you keeping track of the number of requests that your business received from a consumer? A business is not required to provide personal information to a consumer in response to a request more than twice in a 12-month period.
- How far does your business look back when disclosing personal information in response to a request? The disclosure is only required to cover the 12-month period preceding the business’s receipt of the consumer request.
- Are you keeping track of when a consumer has opted-out of the sale of the consumer’s personal information and is your business respecting the consumer’s decision to opt-out for 12 months? Businesses must respect a consumer’s decision to opt-out for at least 12 months before requesting that the consumer authorize the sale of the consumer’s personal information.
- If your business has no reasonable method by which it can verify any consumer in connection with a consumer request, have you evaluated whether your business can establish a reasonable method? Businesses must evaluate and document whether they can establish a reasonable method at least once every 12 months.
If you need assistance with your CCPA compliance efforts or want more information on compliance with the CCPA, please contact one of our Cybersecurity & Data Privacy attorneys.