CCPA/CPRA

What’s Up With Reporting Requirements for the CCPA?

Reporting may be one of the most challenging aspects of the California Consumer Privacy Act (CCPA). The recent draft regulations from the California Attorney General introduces reporting requirements that companies must account for during process development for the CCPA.

Among the regulations include the requirement for a complete report of metrics from the previous calendar year for the different categories of data requests including total number of requests, deletions, and opt-outs. Additionally, a company must report on the median number of days it took to respond to requests to know, delete and opt-out.

This introduces unique challenges from a manual perspective. In order to produce these reports within the required timeframes some companies should consider using some form of automation.

As reference, this is the excerpt from the CCPA draft regulations:

  1. (1)  Compile the following metrics for the previous calendar year:
    1. The number of requests to know that the business received, complied with in whole or in part, and denied;
    2. The number of requests to delete that the business received, complied with in whole or in part, and denied;
    3. The number of requests to opt-out that the business received, complied with in whole or in part, and denied; 
    1. The median number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.
    2. Disclose the information compiled above within their privacy policy or posted on their website and accessible from a link included in their privacy policy.
    3. Establish, document, and comply with a training policy to ensure that all individuals responsible for handling consumer requests or the business’s compliance with the CCPA are informed of all the requirements in these regulations and the CCPA.

 

Let’s dive deeper on what reporting for CCPA could look like, as an example this report dashboard shows the proper metrics as required by the CCPA. The metrics shown here aren’t all required, but they will aid in your team’s productivity and understanding of the volumes and types of requests coming through your organization.

10.1 Auditor Reports

 

 

 


Author

Dan Clarke
Dan Clarke
President, Truyo
January 1, 1970

Let Truyo Be Your Guide Towards Safer AI Adoption

Connect with us today