The California Consumer Privacy Act (CCPA) is one of the strictest data privacy laws in the United States. It requires organizations to be transparent about how they collect, use and disclose personal information, and it grants consumers specific rights to access and control that information. To comply, it’s critical that employees understand these requirements and how to meet them. That’s why the CCPA also requires workforce training.
NAVEX’s CCPA course provides this training by giving learners a foundational understanding of the law, beginning with the key transparency and notice obligations that dictate how personal information can be collected and used. It then helps learners understand their responsibilities for ensuring consumers can exercise the rights the CCPA gives them, with coverage dedicated to consumer access, erasure, opt-out and opt-in requests. Finally, because the CCPA also requires organizations to have strong controls over personal information, essential data security practices are discussed. All of this content is presented through animation, video and interactive scenarios that engage learners and drive home critical points.
CCPA violations can result in significant fines, as well as reputational damage. Effective training can reduce this risk, making it a crucial addition to any organization who must comply with the CCPA..
Consumers have the right to know the types of personal data that a business collects and how it is used. This right to notice is required before the company collects or uses personal information. Businesses are not allowed to collect additional personal information or use it for other purposes without first notifying consumers.
Consumers have the right to request and be granted access to the personal information that a business collects and retains about them. Presumably, because of the burden of these requests, businesses only need to provide personal information to individuals twice in 12 months.
Consumers have the right to request the deletion of their personal information. Businesses are obligated to delete personal information upon request and to direct service providers to delete personal data for the requesting consumer.
Consumers have the right to request their personal information in a format that is readily usable. The intent is to enable the consumer to move data from one business to another.
Consumers have the right to request a listing of the disclosures of their personal information to 3rd parties. This information should include the data that was disclosed and the purpose to which it was disclosed.
Consumers have the right to opt-out of the sale of their personal information. Businesses that sell personal information to third parties must have a link on their homepage that reads “Do Not Sell My Personal Information.”
Minors are afforded slightly different rights under CCPA. For minors under 13, parents or guardians must opt-in to personal data collection. For minutes aged 13-16, the minor has to opt-in.