The California Consumer Privacy Act will take effect on January 1, 2020, giving Californian consumers more control over how their data is handled and shared, and the right to take action when their information is compromised. For companies that do business in California and take Cardholder Not Present payments, this means action is needed now to ensure customers’ sensitive payment information is properly guarded once the law becomes effective.
Recent PCI Pal research shows data privacy regulations like the California Consumer Privacy Act and the European GDPR can actually improve customer loyalty and trust, with recent high-profile data breaches like Equifax and Capital One making security and compliance top of mind for consumers. In fact, our survey found that almost a quarter of US consumers reported that they would feel safer sharing their information with companies if they were federally mandated to protect consumer data. However, for companies that fail to comply, these regulations can be quite costly, with GDPR already costing European businesses over $60 million in fines related to data breaches.
So how should your business be preparing ahead of January 1 to make sure it is compliant with California Consumer Privacy Act regulations? We’ve pulled together a few tips to make sure your company and its customers are protected.
1 .Review your company’s policies and procedures now to make sure they are in line with California Consumer Privacy Act requirements.
The new regulations mean your company may need to update security policies in order to be compliant. Take a close look at company policies now to ensure they are up to date by the time the law takes effect. Policies will need to take into account new requirements to provide customers with more information about the data collected and how it is being used, and new internal security measures may need to be adopted in order to ensure stronger protection against security breaches. The new regulations also require that your company supply consumers with at least two designated methods for requesting information about their data.
2. Know how your company collects and uses data.
In order to comply with new disclosure requirements, it is important to know exactly how your business is collecting data and for what purpose it is being used. The new regulations require that your company supply consumers with the requested information free of charge within 45 days of their request. Simplify this process now to ensure you are able to comply by completing a data map of your business with information on where data comes in, how it is used, where it is stored and for how long. This will simplify compliance with disclosure requirements and help you identify potential holes in your data security so that you can begin to correct them.
3. Announce steps your company is taking to ensure compliance.
PCI Pal’s research found that many US consumers are starting to ask companies directly about their security practices, and 21% want companies to announce compliance with data regulations like the California Consumer Privacy Act. It is one thing to be compliant, but making sure customers are aware of the changes you’re making to ensure compliance and stronger data security can actually make them feel more confident in conducting business and spending money with your company, resulting in increased customer loyalty and revenue.
4. Consider adopting PCI compliance solutions.
PCI requirements not only ensure compliance with regulations like the California Consumer Privacy Act, but also prevent data breaches so customers can be assured their sensitive payment information remains safe in your company’s hands. PCI Pal’s solutions descope your contact centre so customer data never reaches your environment and isn’t accessible to hackers.
5. Keep an eye out for changes to the California Consumer Privacy Act and stay on top of compliance.
There have already been several amendments to the regulations, and there could be more in the future, but the general purpose remains the same – protecting consumers’ privacy and giving them more power over their personal data. In order to maintain compliance it will be key to stay on top of any new requirements and adjust company policies to ensure you are meeting them. And by adopting PCI compliance standards, you can rest assured that your customers’ sensitive data will always be protected so you’re not at risk of a potentially costly data breach.
Contact us today to learn more about how PCI Pal’s solutions can protect your customers’ sensitive data and ensure compliance with new California Consumer Privacy Act regulations for your company.