The Guide to Supplier CCPA Readiness for Security and IT Teams

 

Published March 2020

Many security and IT professionals seek to better understand how the California Consumer Privacy Act (CCPA) will affect how they do their jobs. Because they must ensure that any third parties, suppliers and vendors that do business with an organization are secure, IT professionals are particularly concerned about how this far-reaching data privacy legislation will shape those relationships.

The cost of not complying with CCPA is high: Businesses that fail to comply could face penalties of up to $2,500 per negligent violation and $7,500 per intentional violation. In addition, individuals can seek damages of between $100 and $750, and actions can be aggregated into a class action. This leaves companies open to the possibility of substantial financial penalties arising from actions brought by their users. For these reasons, IT professionals must understand why it's important for vendors to comply with CCPA, and why those that do not can be an unacceptable risk for companies.

This document provides several frequently asked questions to clarify companies’ responsibilities regarding how to prepare for this far-reaching legislation as it pertains to supplier relationships, as well as best practices for supplier CCPA readiness.