California Privacy Rights Act Compliance
(CPPA/CPRA)
Data Protection Assessments, System Audits, Data and Request Handling Training, Reporting, Full Governance
We work with California businesses to design and implement data protection governance plans and comply with the CCPA/CPRA, which went into effect Jan 1, 2023
What does the CCPA/CPRA require (and how do we help?)
Starting on January 1, 2023, the CCPA/CPRA requires companies handling sensitive consumer data of employees in California to conduct data protection assessments for every data processing activity that involves sensitive data, including processes that use automated or algorithmic tools. It will also require training for certain employees, annual reporting, and more.
The law also requires a consumer opt-out approach. Final rules are currently being drafted, but Proceptual can help you be proactive in your preparation.
Conduct your data protection assessments before enforcement begins Jul 1, 2023
+ Details
The data protection assessments would require any employer handling sensitive data, whether for consumer or employment purposes (all are considered “consumers” in this law), to perform an assessment for any tools they use to process, store, retain or share personal data.
Opt-Outs
+ Details
The current draft states that there must be Opt-Outs for selling or sharing information. These must also be extended to automated processing tools.
System audits, training, and more
+ Details
The current draft requires due diligence of its service providers and contractors, including annual audits of the systems being used. It also requires businesses to “establish, document, and comply with a training policy” in certain cases.
When will the final rules for CCPA/CPRA be released?
The final rules were approved and sent for legal review February 3, 2023. It was indicated that it could pass that legal review in as few as 30 days.
Sign up for our newsletter for weekly updates, or contact one of our experts to be immediately notified and debriefed when the rules are released.
Our Proven Process
Proceptual’s technology-driven, proven process produces data governance and compliance quickly and accurately.
Step 1: Scoping
- What pieces of this law are relevant to your organization?
- Which types of data and processes must be assessed?
- What types of audits might you need to perform?
- What types of opt-outs need to be in place?
- Does your business need a training program in place?
Step 2: Data Collection & Cleaning
- Collect all data relevant to covered functions and processes
- Comply with internal and external privacy requirements
Step 3: COMPLETE DELIVERABLES & ESTABLISH PROCESSES
- Produce assessments, audits, training materials, and other deliverables
- Review all deliverables internally for accuracy
- Verify all opt-outs and other requirements needed for compliance are in place
Step 4: IMPLEMENT PUBLIC FACING CHANGES
- Publish privacy notices
- Implement opt-outs or other requirements
- Implement any other compliance needs
Step 5: ESTABLISH MAINTENANCE PLAN
- Establish review standards to keep up with new tools, data, processes, and laws
- Establish assessment update plan to ensure continuous compliance
How do we help?
We offer end to end compliance with CCPA/CPRA. This includes:
Initial consultation. We work with you to understand what this law requires of your organization.
Reports and deliverables pursuant to CCPA/CPRA. We can produce the deliverables you need quickly and accurately.
We help you identify and implement any other mechanisms or tools needed for compliance.
We recommend specific steps to comply with all requirements of CCPA/CPRA.
CONTACT US FOR A FREE CONSULTATION TO UNDERSTAND YOUR AI COMPLIANCE OBLIGATIONS
Our team is here to help you navigate emerging regulation of automated hiring systems. Get in touch today to learn more.