CCPA Compliance Checklist

As a business, what do I have to do to comply?

ZipComply Concierge is here to help you comply with CCPA. As a business, you must consistently work on your product(s) and/or service(s) to provide the best customer experience. Just as you have experts taking care of different areas of your business (Advertising, Marketing, etc.), you also need experts to help you in compliance matters. Rather than overloading and retraining your current staff, it is more efficient and effective to delegate all compliance-related tasks to ZipComply. This is what we do.

Businesses subject to the CCPA must provide notice to consumers at or before data collection

ZipComply will provide you with a comprehensive Cookie management solution for your consumers that will keep them informed of what data is being collected via the website. This solution includes a Cookie Banner and Cookie Preferences, and stores the consumer's consent while they are on your website.

Businesses must create procedures to respond to requests from consumers to opt-out, know, and delete

For requests to opt-out, businesses must provide a "Do Not Sell My Info" link on their website or mobile app.

According to the law, the business must provide the consumer two or more methods for submitting requests for information. One of the options must be a toll-free telephone number that consumers can easily call to make data requests. If your business operates exclusively online, your second option could be to provide an email address and/or an online form for the data requests.

ZipComply provides a toll-free number which is answered by live agents (not automated), who accept the data request and validate the consumer's identity. This service is accessible 24/7, making it as convenient as possible for your consumers. ZipComply also provides a simple online form for consumers to submit their data request on your website.

Businesses must respond to requests from consumers to know, delete, and opt-out within specific timeframes

Businesses must deliver the required information to the consumer free of charge within 45 days of receiving a verifiable request. The business should verify the consumer's identity and the validity of the request, but this process shall not extend the business' duty to provide the information within 45 days. The business can extend information delivery once by an additional 45 days when necessary by providing the consumer with notice of extension.

The information provided to the consumer will cover the 12-month period preceding the business' receipt of the verifiable consumer request. The business will deliver the information electronically or by mail.

ZipComply Concierge will take care of all the back and forth communication with the consumer via mail or electronically. All you need to do is to provide the requested information for the data requests. We will also make sure we are in constant communication with you, so that we handle all data requests within 45 days. We will remind you via email and on regular phone calls.

As proposed by the draft regulations, businesses must treat user-enabled privacy settings that signal a consumer’s choice to opt-out as a validly submitted opt-out request.

Businesses must verify the identity of consumers who make requests to know and to delete

The business may verify the customer's identity before providing any sensitive information but should not require the consumer to create an account with the business. To identify a consumer, the business can compare the information from the verifiable consumer request to any information previously collected by the business.

ZipComply will manually validate the consumer's information to make sure they reside in California and provide the pertinent information to your business to get the data request fulfilled.

As proposed by the draft regulations, if a business is unable to verify a request, it may deny the request, but must comply to the greatest extent it can. For example, it must treat a request to delete as a request to opt-out.

As proposed by the draft regulations, businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.

ZipComply maintains all user consents from the cookie banner, the data requests via the toll-free number, and the online form for 24 months from the initial request date. You need not worry when it comes to keeping records.

As proposed by the draft regulations, businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information. Businesses must also explain how the incentive is permitted under the CCPA.

How can we help?

Based on the information above, governance is quite involved and challenging. Our ZipComply Concierge service helps your business at the consumer end of your web presence. Our Data Governance consulting group can help you with your enterprise level governance and compliance.

  • Risk Assessment
  • Gap Analysis
  • Data Mapping and Inventory
  • Policy Management
  • Procedure Management
  • Training
  • Recurring Compliance Audits
  • IT Security
  • System Integration
  • Automation