Frequently Asked Questions
Have a question about our CCPA training program? See below. For other questions, email support@ccpafreetraining.com.
Why is CCPA Free Training Free?
In our current era of big data, businesses can deliver unprecedented convenience and value to consumers. However, compliance regimes like the CCPA require that businesses use data respectfully and responsibly. There’s an art to striking the right balance among data collection, data use and transparency with consumers, and we are passionate about helping businesses to navigate these challenges.
We have built software tools that enable businesses to accept and process consumer privacy and to document compliance. We make them available affordably at ccpatollfree.com, and we would love to share them with you. Your decision to adopt these tools funds our ongoing commitment to providing learning resources at CCPA Free Training to the business and privacy community free of charge.
How Often Do You Update CCPA Free Training?
We update it regularly in response to changes in the status and regulation. We most recently updated it on April 5, 2020. It is based on the latest version of the CCPA as it was most recently amended on October 11, 2019, and the latest draft regulations released by the California Attorney General on March 11, 2020.
Who Needs CCPA Training?
Businesses that comply with the CCPA are required to train everyone working at the business who handles consumer inquiries about privacy, and everyone responsible for the business’s CCPA compliance. Because “consumer” under the CCPA refers to California residents, if you have certain team members who interact only with residents of other states, there is no need to train them.
Training your team members who handle California consumer privacy inquiries includes training your customer care representatives who engage with consumers on the phone, in chat and by email. If you have brick-and-mortar stores or offices in California, it also includes training your team members who may interact with consumers there. If training store or office associates seems burdensome, we recommend displaying a privacy notice at your place of business that explains how consumers can access their CCPA rights, and making a paper form available in your locations for consumers to submit privacy requests. This way you might choose to limit training for location staff to directing consumers to this information.
Training your team members who are responsible for the business’s CCPA compliance includes a potentially more diverse group of individuals. For example, this may include product managers who design products that collect personal information, marketing managers that decide how to use or sell personal information, IT personnel responsible for the technical aspects of information collection, retrieval and deletion, legal staff who supervise data use internally and by vendors, and senior executives responsible for the overall management of the business.
What Training Does the CCPA Require?
Businesses that comply with the CCPA are required to train the team members described above under “Who Needs CCPA Training” about which rights the CCPA provides to consumers and about how consumers can exercise those rights. In particular, companies should train their team members about a consumer’s right to know what categories of personal information the business collects, the sources it collects information from, the purposes for which it collects or sells it, how the business shares the information, and a consumer’s right to request a copy of or to ask a business to delete the specific information the business collected about that consumer.
If a business discloses or sells information, it should also train its team members about a consumer’s right to know the categories of information the business had sold, the categories of third parties to whom the business sold it, and the categories of information the business disclosed for a business purpose.
Businesses should also train their team members about a consumer’s right to non-discriminatory treatment. A business must not treat a consumer who exercises her or his privacy rights any differently than other consumers, for example by charging a higher price or denying services. Note however, that loyalty programs that provide discounts in exchange for information use are still okay if implemented according to CCPA rules.
In addition, training should cover a consumer’s right to direct a business not to sell their personal information.
Finally, train team members in the ways a business should allow consumers to access their rights, e.g., via a toll-free number, interactive web form, and the primary way in which consumers interact with the business if different.
In addition to the specific training criteria above provided by the CCPA statute, the CCPA regulations require much broader training in the law, extending to “all the requirements in the CCPA and these regulations.”
Does the CCPA Require a Formal Training Program?
Generally, any form of training that meets the criteria listed above under “What Training Does the CCPA Require?” is sufficient to comply with the law. While there are no formal program or certification requirements, it is a good idea for businesses to document their compliance with the CCPA’s training requirements. Accordingly, we will issue a Certificate of Training to each team member who completes the course, and note that CCPA Free Training is not an accredited institution and that the certificates we issue do convey any formal degree or recognized training certification.
In addition, the CCPA does not require businesses to renew training with team members periodically. The law implies that an initial training, presumably as part of onboarding, is sufficient. However, one-time training would only be sufficient if team members retain their training. If team members forget what they’ve learned and are no longer informed about the CCPA, businesses should refresh their training.
Note that more stringent training requirements apply to businesses that buy, collect or share personal information of more than 10 millions California residents in any calendar year, Those businesses are required to establish, document, and comply with a training policy to ensure that all individuals otherwise required by the CCPA to be trained are informed of all the requirements in the Attorney General’s CCPA regulations and in the CCPA itself. CCPA Free Training can help businesses comply with these more stringent requirements.
Does CCPA Free Training Satisfy the CCPA’s Training Requirement?
We intend for this course to satisfy the CCPA’s training requirements for businesses. By necessity, the course is general and does not cover the operational aspects of any particular business’s privacy program. We recommend that businesses update their privacy policies for CCPA and provide them to team members to read in conjunction directing them to follow the CCPA Free Training course, as this should fill in any gaps that are specific to the business.
While the CCPA Free Training course was written by a lawyer, the course is not legal advice, CCPA Free Training is not a law firm, and using the services of CCPA Free Training does not create an attorney-client relationship. If you would like assistance in developing training tailored to your needs, or if you want legal advice on privacy compliance, contact us at support@ccpafreetraining.com and we can connect you with additional resources.
Are There US Privacy Laws Besides CCPA I Should be Aware of?
Yes. There is a Nevada privacy statute that provides residents of that state with the right to opt-out of the sale of their covered information, however this law defines “sale” more narrowly as an exchange monetary consideration where the buyer will license or sell the information to additional third parties.
For additional information about US bills and law, see our privacy legislation tracker.
Did we answer your question?
Feel free to reach out with additional questions. Or head over to CCPATollFree.com to get started on implementation.