Six Month Countdown to CCPA: The 10 Information Governance Steps Needed for Compliance

In our quick 10 step guide, we provide an overview of the necessary Information Governance steps needed to help prepare for the CCPA, and also to consider more broadly as you’re building your privacy program.  With CCPA going into effect January 2020, it is important to consider CCPA may be a catalyst for data privacy in the United States. Organizations must start preparing now, looking to leverage similar activities that have already been initiated to accelerate their CCPA readiness. Preparing for CCPA will undoubtedly put organizations in a better position to comply with other new US privacy regulations that are bound to be enacted soon.

10 Information Governance Steps to Consider for CCPA Readiness

 

CCPA-10-Steps_Web-Assets.png

1. Define Requirements
Organizations potentially subject to CCPA must understand and document their privacy requirements, understand timelines, set milestones, and assign responsibilities for executing the plan.

 

  
CCPA-10-Steps_Web-Assets2.png

2. Perform Assessments
Assess your current state to determine how ready (or not) you are to meet these new regulatory obligations. A current state assessment should focus on the key points of the regulations.
   
CCPA-10-Steps_Web-Assets3.png

3. Identify Synergies
Ensure you include stakeholders from different parts of your organization.  Understanding each function’s major initiatives is critical in designing a comprehensive program to address current and future needs. By aligning each constituency, you can build out a privacy program that is not only compliant with broad frameworks like CCPA, but also addresses specific needs across the organization.
   
CCPA-10-Steps_Web-Assets4.png

4. Identify and Address Gaps
Potential gaps will be identified as requirements are defined and assessments take place. A mitigation plan should be developed to address the gaps.
   
CCPA-10-Steps_Web-Assets5.png

5. Implement Change Management
Addressing the requirements of legislation can sometimes lead to potentially unsettling and disruptive changes in business processes if proper planning does not take place.
   
CCPA-10-Steps_Web-Assets6.png

6. Train and Create Awareness 
Many organizations do not have data privacy related training offerings. Training should be developed, implemented, and measured to confirm that employees know the subject matter.
   
CCPA-10-Steps_Web-Assets7.png

7. Communicate and Socialize the Program
Changes to policies and related procedures will need to be clearly communicated across the organization.  Think of the ways you typically conduct outreach including existing staff meetings, email communications, etc .
   
CCPA-10-Steps_Web-Assets8.png

8. Update Documentation 
Consider using preparing for the CCPA as a catalyst to review and update company documentation.
   
CCPA-10-Steps_Web-Assets9.png

9. Implement the Program
With a 12 month “look back” requiring companies to catalog, preserve, and be prepared to disclose personal information dating back 12 months before CCPA’s effective date, organizations should be documenting processes now, so they have current information about how they use and share data.
   
CCPA-10-Steps_Web-Assets10.png

10. Monitor and Maintain the Program
While preparing for CCPA may be a focus within your organization, it should ultimately fold into more robust privacy program initiatives.

 

For more detailed information on each of our 10 steps, please view our insight.

Related Resources

Article

2024 Nonprofit Benchmarking Survey: Grantmakers

November 13, 2024
Article

2024 Nonprofit Benchmarking Survey: Grantmakers

November 13, 2024

BDO’s eighth annual Nonprofit Standards benchmarking survey shows that grantmaking organizations are undergoing a significant transformation and moving toward more proactive and impactful philanthropy. Read our survey of 50 leaders from grantmaking organizations to see how they are embracing change – and defining the future of their organizations.

Read More

Article

2024 Nonprofit Benchmarking Survey: Health and Human Services Orgs

November 13, 2024
Article

2024 Nonprofit Benchmarking Survey: Health and Human Services Orgs

November 13, 2024

BDO’s eighth annual Nonprofit Standards benchmarking survey shows that health and human services (HHS) organizations are taking advantage of sturdy financial footing to invest in long-term growth and financial resilience. Read our survey of 50 HHS leaders to learn how these organizations are meeting the moment to not only grow, but multiply their impact.

Read More

Article

2024 Nonprofit Benchmarking Survey: INGOs

November 13, 2024
Article

2024 Nonprofit Benchmarking Survey: INGOs

November 13, 2024

BDO’s eighth annual Nonprofit Standards benchmarking survey shows that international non-governmental organizations (INGOs) are seeing increased revenue. Read our survey of 50 INGO leaders and see how INGOs are making bold moves and planning for the year ahead.

Read More

Article

2024 Nonprofit Benchmarking Survey: Public Charities

November 13, 2024
Article

2024 Nonprofit Benchmarking Survey: Public Charities

November 13, 2024

BDO’s eighth annual Nonprofit Standards benchmarking survey shows that public charities are focused on maintaining and expanding their funder relationships in light of underwhelming revenue growth over the past 12 months. Read our survey of 50 public charity leaders to learn about the strategies they are developing to balance revenue growth and cost management.

Read More