Six Month Countdown to CCPA: The 10 Information Governance Steps Needed for Compliance

In our quick 10 step guide, we provide an overview of the necessary Information Governance steps needed to help prepare for the CCPA, and also to consider more broadly as you’re building your privacy program.  With CCPA going into effect January 2020, it is important to consider CCPA may be a catalyst for data privacy in the United States. Organizations must start preparing now, looking to leverage similar activities that have already been initiated to accelerate their CCPA readiness. Preparing for CCPA will undoubtedly put organizations in a better position to comply with other new US privacy regulations that are bound to be enacted soon.

10 Information Governance Steps to Consider for CCPA Readiness

 
CCPA-10-Steps_Web-Assets.png

1. Define Requirements
Organizations potentially subject to CCPA must understand and document their privacy requirements, understand timelines, set milestones, and assign responsibilities for executing the plan.

 

  
CCPA-10-Steps_Web-Assets2.png

2. Perform Assessments
Assess your current state to determine how ready (or not) you are to meet these new regulatory obligations. A current state assessment should focus on the key points of the regulations.
   
CCPA-10-Steps_Web-Assets3.png

3. Identify Synergies
Ensure you include stakeholders from different parts of your organization.  Understanding each function’s major initiatives is critical in designing a comprehensive program to address current and future needs. By aligning each constituency, you can build out a privacy program that is not only compliant with broad frameworks like CCPA, but also addresses specific needs across the organization.
   
CCPA-10-Steps_Web-Assets4.png

4. Identify and Address Gaps
Potential gaps will be identified as requirements are defined and assessments take place. A mitigation plan should be developed to address the gaps.
   
CCPA-10-Steps_Web-Assets5.png

5. Implement Change Management
Addressing the requirements of legislation can sometimes lead to potentially unsettling and disruptive changes in business processes if proper planning does not take place.
   
CCPA-10-Steps_Web-Assets6.png

6. Train and Create Awareness 
Many organizations do not have data privacy related training offerings. Training should be developed, implemented, and measured to confirm that employees know the subject matter.
   
CCPA-10-Steps_Web-Assets7.png

7. Communicate and Socialize the Program
Changes to policies and related procedures will need to be clearly communicated across the organization.  Think of the ways you typically conduct outreach including existing staff meetings, email communications, etc .
   
CCPA-10-Steps_Web-Assets8.png

8. Update Documentation 
Consider using preparing for the CCPA as a catalyst to review and update company documentation.
   
CCPA-10-Steps_Web-Assets9.png

9. Implement the Program
With a 12 month “look back” requiring companies to catalog, preserve, and be prepared to disclose personal information dating back 12 months before CCPA’s effective date, organizations should be documenting processes now, so they have current information about how they use and share data.
   
CCPA-10-Steps_Web-Assets10.png

10. Monitor and Maintain the Program
While preparing for CCPA may be a focus within your organization, it should ultimately fold into more robust privacy program initiatives.
 

For more detailed information on each of our 10 steps, please view our insight.

Related Resources

Article

Audit Firm Business Models – What Audit Committees May Want to Know

April 19, 2024
Article

Audit Firm Business Models – What Audit Committees May Want to Know

April 19, 2024

As the audit profession continues to evolve to satisfy changing business needs while prioritizing high quality audits for the investment community, firms are taking different approaches toward a sustainable future.

Read More

Article

Revisiting M4.0 Maturity at a Critical Juncture in Innovation

April 18, 2024
Article

Revisiting M4.0 Maturity at a Critical Juncture in Innovation

April 18, 2024

Industry 4.0 technologies can help manufacturers gain a better sense of customer needs, boost quality control, improve factory safety, and much more. AI in particular carries promise for businesses to become more agile, efficient, and safe.

Read More

Blog Post

4 Considerations for Nonprofits Planning to Embrace AI

April 17, 2024
Blog Post

4 Considerations for Nonprofits Planning to Embrace AI

April 17, 2024

BDO Director of Data and AI, Noah Mattern, participated in a series of AI strategy sessions with clients toward the end of 2023, and one thing rang true throughout the conversations: both non- and for-profit organizations across all sectors and industries are leaning into the power of AI but are often face challenges in fully implementing it.

Read More

Article

Risk Mitigation Strategies for Retailers Rolling Out AI Solutions

April 15, 2024
Article

Risk Mitigation Strategies for Retailers Rolling Out AI Solutions

April 15, 2024

Artificial intelligence (AI) is transforming the retail industry, offering new opportunities for enhancing customer experience, optimizing operations, and increasing revenue. However, AI also poses some challenges and risks.

Read More