CCPA’s Independent Business Obligations
The CCPA creates eight consumer rights, eight corresponding business obligations and three independent business obligations. Under the CCPA, businesses have the following independent obligations:
- Train Employees: Businesses are required to train employees who handle consumer inquiries on the CCPA-provided consumer rights and business obligations. Businesses are obligated to ensure that employees know how to direct consumers to exercise their rights under the law.
- Create Designated Methods for Consumers to Assert Their Rights: Businesses must create two (2) or more designated methods for consumers to submit requests for information, including a toll-free phone number and a website address if the business maintains a website. "Designated methods for submitting requests" include a mailing address, email address, Internet webpage or portal, toll-free telephone number, or other applicable contact information, whereby consumers may submit a request under the CCPA.
- Execute Vendor Contracts Containing Specific Criteria: Although not required to do so under the statute, businesses that wish to shift liability away from themselves and on to vendors who cause violations of the CCPA must execute written contracts with their vendors containing specific language criteria. The contract must prohibit vendors from selling, retaining, using or disclosing the personal information outside of the direct business relationship with the business. The contract must also include a certification from the vendor that it both understands and will comply with the restrictions.
Print and share
Authors
Explore more in
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field. Subscribe 🡢