Back
Home
Insights
Not concerned about the CCPA? If you receive Personal Information from California businesses, you probably should be.

12/03/2019

Not concerned about the CCPA? If you receive Personal Information from California businesses, you probably should be.

California’s groundbreaking California Consumer Privacy Act (CCPA) imposes rigorous mandates on entities that collect Personal Information from California consumers. Companies that don’t collect such Personal Information might be tempted to breathe a huge sigh of relief, assuming that they’re off the CCPA hook. That, however, could be a costly mistake.

Businesses that are directly subject to the CCPA are statutorily required to impose certain requirements on companies to which they transfer Personal Information. In order to provide services to CCPA-governed organizations, “service providers” must be able to satisfy those requirements. As the CCPA’s Jan. 1 effective date approaches, those requirements are already being included in service provider contracts and in RFPs. Service providers that cannot satisfy them face serious competitive disadvantages.

The following are crucial CCPA readiness recommendations for service providers:

1. Review data security policies and procedures to ensure that your organization has implemented and continued to maintain reasonable security procedures and practices appropriate to the nature of the Personal Information collected.

2. Map data inventory:

a. Identify the location of any Personal Information you’ve received from your CCPA-covered business partners.

b. Ensure that if Personal Information is being transferred from your company to third parties, it is not being “sold,” as that term is defined in the CCPA.

c. Ensure that Personal Information can be located, shared, and deleted in accordance with retention policies and verified consumer requests.

3. Review and revise downstream contracts (including click-through agreements) to ensure that third parties agree to:

a. Act as “service providers,” as set forth in the CCPA, and

b. Assist with consumer requests.

4. Amend upstream contracts to clarify that your company is a “service provider” by including statutory language set forth in the CCPA.

5. Establish policies and procedures to comply with consumer requests, including:

a. Template responses

b. Technical procedures

Because California is the fifth-largest economy in the world, and each CCPA-covered entity can have multiple service providers, neglecting CCPA readiness is simply not an option for companies doing business on a national scale. Although satisfying CCPA-required mandates may impose certain financial and operational challenges, the news is not all bad: Achieving CCPA readiness can have benefits extending well beyond California. As other proposed state privacy laws follow California’s lead and tilt toward consumer protection, CCPA-ready businesses will be a step ahead on the road to compliance.

Contact

Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy

703.847.4418

OUR PEOPLE

Get in touch with our specialists

View All Specialists

Bhavesh Vadhani

CISA, CRISC, CGEIT, PMP, CDPSE, Principal, Global Leader, Cybersecurity, Technology Risk, and Privacy

View Full Bio

Contact Bhavesh

Close

Contact

Let’s start a conversation about your company’s strategic goals and vision for the future.

Please fill all required fields*

Please verify your information and check to see if all require fields have been filled in.

First Name

Last Name

Job Function

Job Level

Enter Job Level

Email address

Country

State

Company name

Industry

Enter Industry

Topic

Comment

Yes, opt me into Marketing from CohnReznick.

By completing the form, I will be subscribed to receive CohnReznick emails with insights and information on upcoming events. I understand that I will always have the option to unsubscribe from communications.

By your submission of information in this form, you are consenting to our collection, use, processing and storage of your information in accordance with the CohnReznick Privacy Policy.

Related services

_{This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither CohnReznick LLP or its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.}

All Industries

Consumer & Industrial

Financial Sponsors & Services

Healthcare

Life Sciences

Private Clients

Public Sector

Real Estate

Renewable Energy

Technology & Media

All Services

Accounting & Assurance

Accounting Advisory

Business Performance

Digital

Risk

Sustainability Advisory

Tax

Transactions

All Insights

Topics

Events

Subscribe

About CohnReznick

About us

Corporate Responsibility

News

Offices

People

Careers at CohnReznick

Career Opportunities

Experienced Career Opportunities

Careers at CohnReznick

Internships

Life at CohnReznick

Why CohnReznick?

Not concerned about the CCPA? If you receive Personal Information from California businesses, you probably should be.

Contact

Get in touch with our specialists

Bhavesh Vadhani

Looking for the full list of our dedicated professionals here at CohnReznick?

Contact

Related Insights

Follow us on social media

Related services