The State of California has passed a comprehensive consumer privacy law known as the California Consumer Privacy Act or CCPA. It has an effective date of January 1, 2020. Since this has the possibility of affecting many of GOLDPoints’ clients, we decided to publish an article on the topic. This is meant to give some guidance on the CCPA but should not be taken as legal advice. You should consult your legal counsel for definitive advice on what you need to do to comply with this law.
The CCPA has the objective of protecting the private information on individuals that reside in the state of California. This is probably the first of many state laws and perhaps a national standard that will attempt to protect consumers and their personal information.
When setting up accounts on the GOLDPoint system, you normally collect personal information on customers such as; name, address, social security number, email address, employer information, etc. It even covers an IP address, if you collect that. All of this information is covered under the CCPA if the customer is a resident of California.
A CCPA covered individual has the right to know what personal information is being collected on them and request a copy of that information. You should make an inventory of what information your institution collects on individuals and how you will disclose it, in case the customer requests their information under the CCPA. You need to consider how you will give them the information so as not to unwittingly disclose nonpublic information and make things worse. Some training of your employees is in order so that they know what to do when a request for this information comes in.
A CCPA covered individual has the right to know if any of their information is being sold and to whom. They need the ability to opt out of the sale of that information. If you do not sell any of your customers’ information, that is great. However, that should be disclosed to them in privacy notices and prominently displayed on your web sites. If you do sell customer information, you need to provide the ability for the customer to opt out. If you allow customers to open accounts over the Web, this is a good spot to provide the needed disclosure and allow them to opt out of the sale of their information. You also need to have the ability to have the customer opt-out in person at a branch or call in to opt out. In the GOLDPoint system, you can use one of the opt-out fields provided in CIM GOLD to record their opt-out decision, as shown below.
Set up the code in System Set up:
- Select the OPT OUT set up
- Use Create NEW and create your own Opt Out code of (for example) ‘don’t sell data.’
This code is now available to be selected via the Marketing and Collections screen/CIF tab, as shown in the screen print below:
Then, when you do decide to sell customer information, you should check the field you have set up and not include the information of any customer who has opted out. GOLDPoint never sells client data and only discloses customer information to authorized receivers such as credit repositories, the IRS, etc.
Remember that you must always give equal service and pricing to customers regardless of whether or not they decide to exercise their rights under CCPA. Failure to do this may result in significant fines. It is also important to remember that CCPA gives the customer the right to sue for damages if their personal information is breached. GOLDPoint spends significant resources on keeping customer data secure, but each client needs to do their part, as well.
There is a lot to think about when dealing with CCPA and we have tried to hit the highlights with this article. There is also a lot of industry and legislative buzz on the topic of privacy and data security. More laws are likely coming with the various states and the federal government.