CCPA Training Slides

Hello, I’m Marc Mandel, a technology company general counsel and a co-founder of www.CCPAFreeTraining.com.  In this training course, we will cover the California Consumer Privacy Act, or CCPA, from...

The CCPA requires training for everyone who either handles consumer inquiries or who is responsible for CCPA compliance within a business. That includes your customer care team, your store...

Before we continue, let’s take a moment to consider the importance of privacy laws like the CCPA. The fourth amendment to the American constitution protects our privacy, but only from actions by...

The agenda for our course consists of six topics: Notifying consumers about your data collection practices and their CCPA rights What infrastructure you need to accept consumer requests How to...

The CCPA provides privacy rights to quote unquote “consumers,” meaning any resident of California. While businesses may deny CCPA rights to residents of other states, as of March 2020, a Nevada...

When some people think about personal information, they think about bank account numbers, location history, and the contents of their chat messages with friends. All of that private information is...

Now that we understand who has CCPA rights and what personal information means, let’s examine what you need to tell consumers about your use of their personal information and how to present that...

Note that CCPA’s definition of “sell” is broad and includes a variety of transactions not normally thought of as a sale. For example, many companies that assist with online marketing will use the...

Now that you’ve provided any applicable Do Not Sell My Info disclosure and linked consumers to your full privacy policy, let’s look at the requirements for that policy.  Your policy should explain...

What you need in your privacy policy that’s new for CCPA is an explanation of the four core consumer CCPA rights and how to access them:  First is the right to know about the information your...

The second of the four core CCPA rights your privacy policy should explain is the right of consumers to request that you delete their personal data. This includes all of the data you would have...

The third core CCPA right is the right to opt out of data sales. We’ve already discussed the broad definition of sale underlying this right, and your privacy policy should explain this right to...

The fourth core CCPA right is the right to non-discriminatory treatment. Your privacy policy should explain that if a consumer exercises their privacy rights, you will not treat them any differently...

In addition to explaining each of the core CCPA rights, your privacy policy should explain how to access them, and we’ll cover that next, in part two of our agenda. Before we leave the topic what to...

The third core CCPA right is the right to opt out of data sales. We’ve already discussed the broad definition of sale underlying this right, and your privacy policy should explain this right to...

You need to offer at least two contact methods for consumers to exercise their privacy rights.   The first method is an interactive web form or an email address. If you don’t sell data within the...

The second contact method you need to offer is a toll free number. This is a requirement for accepting right to know and delete requests. There is an exception for businesses that never interact...

Finally, if neither of your first two contact methods reflect the manner in which you primarily interact with consumers, you need to offer that method as a third method. For example, if consumers...

Finally, if neither of your first two contact methods reflect the manner in which you primarily interact with consumers, you need to offer that method as a third method. For example, if consumers...

The CCPA provides detailed guidance about how to verify consumer requests: Make the verification process proportionate to the value of the data at issue--in other words, if a consumer requests a...

In part 4 of our agenda, we’ll examine the CCPA deadlines for responding to requests and what information you need to include in your response.

First, let’s talk about timing. When you receive a right to know or a delete request, you need to acknowledge it within 10 calendar days, informing consumers about your verification procedures and...

For all types of requests, respond free of charge and always comply to the extent possible. If there’s a reason you cannot comply, explain it and also explain your appeal procedures if you offer a...

If you can’t verify a consumer making a right to know request, don’t release any information and direct them to your privacy policy instead. If you can’t verify a consumer making a delete request,...

For delete requests, the CCPA gives you wide latitude to deny a request if you need the data to comply with laws, to identify errors, to maintain security, to provide services to the consumer, or...

If a right to know or delete request comes from a consumer’s agent rather than directly from the consumer, you can require the consumer to demonstrate that they’ve authorized the agent in a signed...

Whenever you receive a request, whether you can verify it or not, and whether you ultimately respond to it or deny it, you need to maintain records about your CCPA compliance.

The CCPA requires businesses to maintain compliance records for 24 months, including the date of request, what rights were exercised, the contact method used to make the request, the date of your...

We’ll wrap up our training program by covering two separate topics: children’s privacy, and the CCPA’s rule prohibiting discrimination against consumers who exercise their privacy rights and the...

The CCPA does not require you to know or to ask how old your consumers are, but if you have actual knowledge or a strong reason to know that a consumer is under age 16, you need to obtain an opt in...

For consumers of all ages who exercise their CCPA rights, it’s important not to treat them any differently as a result. The CCPA forbids discriminating against consumers who exercise their privacy...

However, the CCPA does allow businesses to maintain loyalty programs, freemium business models, and even to pay financial incentives to consumers for using their data if these programs adhere to...

Thank you for participating in our training program. Please leave any comments in our YouTube channel or email me at marc@ccpafreetraining.com if you have any questions or if you would like to see...