The California Consumer Privacy Act (the “CCPA”) goes into effect on January 1, 2020. Meaning, your organization will need to have a compliance plan and start complying with the CCPA (if the CCPA applies to you and your business). While it’s similar to the European Union’s General Data Protection Regulation (the “GDPR”), the CCPA is still a complicated law. That means that getting ready for it is still a big task. You might feel like you’re scrambling and have a lot of unanswered questions.
So where do you turn?
While relying on vendors like Drift that you trust is awesome (we’re here to help!), I also wanted to share some of the resources I’m personally using to help prepare Drift for the CCPA’s go-live date. These resources have answered my questions and helped me expand my own knowledge of this new regulation.
1. The Text Of The CCPA Itself
Why not go straight to the source? You can’t get any closer to the CCPA than the CCPA itself. Find it here. What’s great about this copy of the text is that it also tracks and discloses the recent amendments to the CCPA.
2. Inside & Outside Counsel
Talk to your organization’s on-hand legal resources. If you have inside counsel, it may be worth it to chat with them about your company’s plan, how the CCPA fits into your activities, what it may affect, and so on.
If you have access to outside counsel, especially counsel specializing in data and privacy, the outside resource who is familiar with the ins and outs of your organization can provide effective and valuable insight into the CCPA and its effect on your organization. Your outside counsel should be able to help walk you through how the CCPA applies to your organization’s marketing and business activities, as well as give you some pointers for compliance.
3. Cheat Sheets
Nothing beats a quick reference when you’ve got a question where you’re really just looking for a short and sweet answer. I turn to these cheat sheets for my quick questions about the CCPA:
- TeachPrivacy’s CCPA WhiteBoard – This is the epitome of a cheat sheet. It’s got interesting graphics and short bits of easily digestible information, all on one page.
- TeachPrivacy has also created Regulation Chart that summarizes the CCPA, section by section. This has been a really useful tool for me to quickly get the gist of a section and cross-reference with the CCPA text.
- PWC’s CCPA Readiness Roadmap – This page is nothing but short answers to your quick questions. What I like best, though, is the table comparing the GDPR to CCPA.
- National Law Journal’s CCPA Compliance Chart – Put together by top cyberspace and cybersecurity lawyers, this table from the National Law Journal provides a quick guide to proving your CCPA compliance. It’s a solid checklist to keep on hand when you start receiving questions about if or how you comply with the CCPA and after the CCPA goes into effect.
- Not sure if CCPA even applies to you? This BDO Insights Quiz can help you figure that out quickly and easily.
4. Not So Light Reading
A number of leaders in the business and the legal world have been thinking about the CCPA too and have written some excellent articles and guides about CCPA readiness. If you’re ready to go in-depth and take your understanding to the next level, I suggest reading these articles:
- JD Supra’s Have You Met These 3 Crucial CCPA Compliance Challenges? – Broken out into specific and short sections and 3 critical pillars in approaching compliance, this longer piece from JD still provides an approachable response to a lot of CCPA planning woes. It also discusses some of the defining features of the CCPA and its potential effects. Well worth the time to read.
- ABA Business Law Section’s California Consumer Privacy Act, by John Stephens – The American Bar Association is the US’s preeminent legal organization. I often look to the ABA for their viewpoint and analysis since the ABA draws on the expertise of renowned top legal talent and has significant input on US lawmaking. This article provides an approachable extra level of depth and analysis.
- BDO’s 6 Month Countdown to the CCPA: The 10 Information Governance Steps Needed for Compliance – BDO has created some great food for thought in its a high-level CCPA preparation plan. Though we’re now less than 6 months to the CCPA’s go-live date, this 10 step plan provides guidance on how to approach creating your CCPA compliance plan and for bringing the rest of the organization on board.
5. No Time to Read?
We’re all on the go, but thankfully there are a number of resources that cater to people who still want to learn about the CCPA, but would rather listen or watch. I like both of these:
- CSO Online’s How the California Consumer Privacy Act (CCPA) Will Affect You and Your Business – Part of CSO Online’s TechTalk series, this 20-25 minute podcast-style chat is a fantastic listen about CCPA preparation. Discussing how the CCPA “may shift business models, change online behavior and reveal where exactly our data has been,” this highly relevant video is engaging, comprehensive and very much geared toward tech companies.
- Cracking the Code Video Series – Morrison Foerster (a/k/a MoFo), a prominent global law firm with a large California presence, created a video series on the CCPA that is a real gem of information. Set up in a number of short installments, this series not only discusses key elements of the CCPA, but it also directly answers many frequently asked questions in a set of short installments. So if you have a few minutes of downtime, take a look or listen.
And then I’ve got a bonus resource for you. If you really want to go for a swim in CCPA material, MoFo has compiled an excellent resource center on the CCPA. The video series I mentioned is just the tip of the iceberg. Check everything out here.
*Nothing in this article is intended to be, nor should it be, construed as legal advice from Drift or Drift’s legal team.