Ready or not
As stated in my previous blog, the California Consumer Privacy Act (CCPA) is going into effect in just a few weeks. From Jan 1st, 2020 Californian consumers can request their data to be deleted. They can also stop tech companies from making money by selling their data.
As with the GDPR, organizations are struggling to get ready for CCPA compliance on time. In reality, most companies will probably not be ready at all by the deadline.
The Californian Attorney General (AG) clearly has no intention whatsoever to extend the deadline of Jan 1st, 2020. The wording used in a recent interview in the Financial Post can not be misunderstood.
Comply with the CCPA ...
“We will look kindly, given that we are an agency with limited resources. Yet we will look kindly on those that … demonstrate an effort to comply,” AG Xavier Becerra said.
Because if you don't ...
“If they are not operating properly … I will descend on them and make an example of them, to show that if you don’t do it the right way, this is what is going to happen to you.” Beccarra said.
So the Attorney General states that a key component to decide whether a company is in breach of the CCPA and whether they will be fined lies in your capability to prove your "willingness to comply".
So even when you don't make the deadline, if you are actively working on it and you can demonstrate what you are doing to get there, you can expect some leniency.
I think most of us understand that getting ready for multiple types of Privacy regulation can be quiet a challenge. Keeping up with changes in this broad range of legislation can be cumbersome.
So taking a pro-active approach to actively communicate what you are doing is indeed key. Sharing of what Compliance and Privacy initiatives you have (or are working on) is considered a big plus.
Consumers and businesses have the right to know that they can trust you with the data.