Sponsored By

CCPA: What You Need to Know for Your Contact CenterCCPA: What You Need to Know for Your Contact Center

With the California consumer privacy law in effect since Jan. 1, is your organization prepared to deal with compliance requests?

Gary Audin

January 30, 2020

3 Min Read
Picture of keyboard with "privacy" key
Image: md3d - stock.adobe.com

If your company does business domestically, some of your customers are very likely from California, which as the largest state accounts for 12% of the U.S. population, according to U.S. Census Bureau data. That means there’s a good chance your company has California citizen data, and you need to be abiding by the California Consumer Privacy Act (CCPA).

 

CCPA creates new rights allowing individuals to control access to, deletion of, and sharing of their personal information collected by businesses. The CCPA, which also provides compliance guidance for businesses, took effect on Jan. 1, having been signed into law in June 2018. The California attorney general can begin taking enforcement action under the CCPA on July 1.

 

Watchpoints for the Contact Center

By now you have implemented software, processes, and procedures to protect your customer databases. The advent of the CCPA adds a new set of functions and responsibilities. You will have to implement new processes and procedures to comply with the CCPA customer-defined rights, and the contact center is the likely place for implementation. This means not only adding in new software but also conducting more training for the contact center agents.

 

Specifically, the CCPA allows California consumers the right to:

 

  • Know and access personal information that is collected, processed, used, shared, or sold

  • Delete personal information stored by businesses and service providers

  • Opt out of the sale of their personal information

  • Act without discrimination on price or service when exercising any of the above

Businesses Subject to CCPA

Your California-located business may be subject to the CCPA if it:

 

  • Has more than $25 million in gross annual revenue

  • Buys, receives, processes, distributes, or sells the personal information of 50,000 or more consumers, households, or devices

  • Makes 50% or more of annual business revenue from the sale of consumers’ personal information

 

For businesses located outside of California, the CCPA applies if a company:

 

  • Collects or sells personal information of California residents, defined as any individual who is a permanent resident in the state, even if traveling outside of the state.

  • Meets one or more of the three criteria above for companies located in California

 

CCPA Business Obligations & Cost Estimates

Under the CCPA, businesses are obliged to:

 

  • Provide notices to consumers at or before the time of data collection

  • Create procedures for responding to consumer opt-out, access, and deletion requests, within specific timeframes

  • Identify and verify consumers who initiate requests

  • Disclose financial incentives for the retention or sale of personal information, explaining how the information value is calculated and detailing how the incentive is allowed under the CCPA

  • Maintain request and response records for 24 months, to demonstrate compliance

To help businesses understand the costs associated with CCPA compliance, Berkeley Economic Advising and Research assessed the impact in a report provided to the attorney general’s office. Based on its analysis of legal, operational, technological, and business costs associated with compliance, Berkeley estimated initial compliance costs depending on business size. As courts review the CCPA legislation, additional costs may emerge, but here are the initial cost estimates:

 

  • $50,000 -- small businesses with fewer than 20 employees

  • $100,000 -- medium businesses with 20 to 100 employees

  • $450,000 -- Businesses with 100 to 500 employees

  • $2 million -- enterprises with more than 500 employees

 

About 75% of California businesses will have to comply with the CCPA, for a total initial compliance cost of $55 billion, according to the Berkeley analysis.

 

This Isn’t the End

This year is expected to be an active year for consumer privacy laws, with more than 300 cybersecurity- and privacy-related laws proposed within 43 states and Puerto Rico. This issue is also before Congress at the federal level, but little progress has been made. If a federal bill does come to pass, it will probably supersede the state bills. This will add to the confusion for those managing contact centers, and I’d expect court cases and interpretations of the CCPA that will further define the scope and obligations of the law.

 

One last note: The European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018, specifies similar but not the same compliance mandates (see a comparison here). So, complying with the GDPR helps prepare for doing the same for the CCPA.

About the Author

Gary Audin

Gary Audin

Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks as well as VoIP and IP convergent networks in the U.S., Canada, Europe, Australia, Asia and Caribbean. He has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.

For 30+ years, Gary has been an independent communications and security consultant. Beginning his career in the USAF as an R&D officer in military intelligence and data communications, Gary was decorated for his accomplishments in these areas.

Mr. Audin has been published extensively in the Business Communications Review, ACUTA Journal, Computer Weekly, Telecom Reseller, Data Communications Magazine, Infosystems, Computerworld, Computer Business News, Auerbach Publications and other magazines. He has been Keynote speaker at many user conferences and delivered many webcasts on VoIP and IP communications technologies from 2004 through 2009. He is a founder of the ANSI X.9 committee, a senior member of the IEEE, and is on the steering committee for the VoiceCon conference. Most of his articles can be found on www.webtorials.com and www.acuta.org. In addition to www.nojitter.com, he publishes technical tips at www.Searchvoip.com.

See more from Gary Audin

Editor's Spotlight

How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
Ccaas
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations

Dec 16, 2024

How Talkdesk Delivers for Vertical Industries
Ccaas
How Talkdesk Delivers for Vertical Industries
How Talkdesk Delivers for Vertical Industries

Dec 5, 2024

How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
Ccaas
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity

Dec 17, 2024

Subscribe to Our Weekly Newsletters
Stay informed and sign up for weekly No Jitter and WorkSpace Connect newsletters
Sign Me Up
Mar 17 - Mar 20, 2025
As the #1 communications, collaboration and CX Conference and Expo in North America, we empower IT professionals to confront and overcome today's most pressing challenges. Attend Enterprise Connect and join thousands of like-minded peers building a framework for future success. You’ll walk away with rich learning experiences, invaluable connections, business opportunities, and inspiring insights. Register with Promo Code CONNECT25 to save $200 on Conference passes.
Learn More