The CCPA was enacted in 2018 and it took effect on January 1, 2020. The goal of the CCPA is to protect the personal information of all California consumers by giving rights to consumers and responsibilities to businesses. According to the Fact Sheet published by the Office of the Attorney General of California, the CCPA grants these new rights to California consumers:
- The right to know what personal information is collected
- The right to delete personal information held by businesses
- The right to opt-out of the sale of their personal information
- The right to non-discrimination in terms of service when a consumer exercises one of the above rights.
The CCPA assigns these new obligations to businesses:
- To provide notice to consumers before data collection
- To respond to requests from consumers to opt-out, know, or delete their data
- To verify the consumer identity of those making these requests
- To disclose any financial incentives for exchange of a consumer’s personal information
- To maintain records of requests and how the business responded to those requests
Additionally, the CCPA increases fines and penalties for data breaches caused by inadequate security measures safeguarding your personal information.
These regulations do not only affect businesses based in California; they affect any business that has interactions with consumers that reside in California, and meets the specific requirements set out by the CCPA.
How can you prepare your business for these new laws?
Sage has done extensive work in the area of privacy, firstly to accommodate the GDPR in Europe, and now to ensure that companies have the ability to comply, in Sage300, with the new regulations of the CCPA.
- Sage300 has a tool, called The Anonymizer, that helps you remove (delete) the data for a specific customer or vendor upon their request. After the data is anonymized, the original data is lost forever and cannot be recovered. Other steps to complete the deletion of customer or vendor information must be taken AFTER the Anonymizer has been run on Sage300 data.
- If Sage CRM is integrated with Sage 300, ensure your Sage CRM data is also anonymized so that the personal data just removed from Sage 300 is not imported back in from SageCRM.
- If Sage300 Sales Analysis is in use, you will need to perform the following steps to ensure removal of the specific customer and vendor data
- Clear Details
- Reset Sales Analysis Data
- Retrieve Details
- Setup a method for tracking the format of disclosure required by the customer using Optional Fields. Add an optional field in Common Services and then assign it to Customer, National Accounts and Customer Groups.
- Create disclosure reports.
- Disclosure report of stored personal information: If you are using standard Sage fields for collecting personal information, a standard Sage report may be all that you need (Customer report under AR Customer Reports). However, if you are tracking personal information in Optional Fields, a custom report may need to be designed to report on the collected data.
- Disclosure report of sold personal information: a custom report will need to be designed for this purpose as Sage300 does not know what personal information has been sold, therefore, no standard report is available.
- Review Sage’s dedicated CCPA website for the most up to date information from Sage
- Register for Sage’s CCPA webinar and Training sessions to get more first hand knowledge and demonstrations of how Sage300 helps you deal with the upcoming new changes.
The implementation of the CCPA is a big win for privacy, and it doesn’t need to be a big headache for your businesses!
Call 1-866-436-3530 or email firstname.lastname@example.org for any questions you have or assistance that you need. We are here to help make things easier for you!