This checklist structures an assessment of compliance with California privacy laws (including changes becoming effective in 2023). Compile and memorialize the analysis and information underlying your review in a single privileged workspace.
1 Setup the workroom
Create a new workroom using the template. Give it a name to match your company, like "XYZ Corp. CCPA Compliance."
2 Determine if the CCPA applies to your company
Review the Section titled “Is your business covered by the CCPA?” If your company meets any of the thresholds listed, continue to review your company’s compliance.
3 If the CCPA applies, add members to the workroom as needed
In the new workroom, use Add People to invite your colleagues to the workroom.
Invite them as an Editor, if they need to be involved in maintaining and modifying the workroom.
Invite them as a Viewer, if you want them to be able to see and download files, but not make changes to the workroom.
4 Perform a compliance audit based on the sensitive information your company retains
Determine which user data collected by your company requires special attention. The Section titled “Are you collecting data covered by the CCPA?” contains a list of types of data that are covered.
Audit your company’s compliance by ensuring each measure listed in the Section titled “Are you compliant with the CCPA?” is fulfilled.
Go through the list in the Section titled “Are you complying with obligations to customers?” and ensure that each customer is able to exercise those rights.
5 Adjust company practices if necessary
If your company is not fully compliant, use this checklist to fill in the missing gaps to become compliant. Continue to add members as necessary and upload any relevant documents in the Records tab.
Review this checklist periodically for continuous compliance.