The CCPA has reached the one-year mark. This is a good time for businesses to review the success of their compliance programs and recalibrate for the CCPA’s second year. Here are a few suggestions to kick off that review:

  1. Privacy Policies. The CCPA requires a business to update the information in its privacy policy or any California-specific description of consumers’ privacy rights at least once every twelve months. If a business has not already done so, now is a good time to review both online and offline data collection practices to ensure privacy policies accurately disclose, at a minimum, the categories of personal information (“PI”) it collected in the preceding 12 months, the categories of PI it sold in the preceding twelve months, and the categories of PI it disclosed for a business purpose in the last 12 months.

Read the full article at Jackson Lewis Workplace Privacy, Data Management & Security Report.