Note: This post was created prior to the implementation of the CCPA. The law is now in effect as of January 1, 2020. Keep reading to learn more about CCPA compliance and how your dealership may be affected.
The passage of the California Consumer Privacy Act (CCPA) will usher in changes in how businesses collect and share consumer data. Auto dealerships are among the many businesses caught up in the CCPA’s regulatory net. In order to comply with state regulations and build customer trust, it’s essential to understand the law and get ready for its provisions.
When does the CCPA go into effect?
The answer to this question isn’t cut and dry because it depends on regulatory actions by the California attorney general. Two dates are worth noting. January 1, 2020 is the law’s practical effective date, and it’s best to ensure your dealership is in compliance with the spirit of the law by this date. That includes implementing “reasonable security procedures and practices,” which the California AG has indicated means (at a minimum) following the 20 essential security controls recommended by the Center for Internet Security.
The actual provisions of the law go into effect 6 months after the attorney general publishes the necessary regulations. According to the CCPA, this must happen by July 1, 2020. By this date, auto dealerships should not only be in compliance but also be nimble enough in their data collection and cybersecurity processes to quickly adjust to more specific regulations.
Who does the CCPA apply to?
The law applies to businesses operating in California that surpass any of the following thresholds. A business doesn’t need to meet all three criteria in order to be subject to the CCPA, any one is sufficient:
- Annual gross revenue of $25 million or more
- Buying, receiving, selling, or sharing for commercial purposes the personal information of 50,000 or more consumers
- More than 50 percent of annual revenues come from selling consumer data
Many dealership groups will meet the first test and therefore be subject to the CCPA. Those that are in the $20-25 million revenue range should also prepare to comply.
What should auto and truck dealerships do to prepare?
Key steps for preparing for the CCPA include understanding your current data management practices, developing new policies, and gathering the necessary IT resources to implement appropriate changes. Here’s a brief list of essential steps:
- Identify how many of the Center for Internet Security’s cybersecurity controls you currently follow, and which you’ll need to implement
- Identify the ways your dealership collects consumer information and how this data is managed
- Work with your IT service provider to assess your systems
- Work with your IT service provider to develop new policies and procedures in compliance with the CCPA
- Plan necessary changes to your website to comply with the law
- Inform employees about changes in policies and how they should relay this information to customers
- Develop a checklist to keep track of all the important steps of this process
When should you start preparing for the CCPA?
Since the law will go into effect in 2020, it’s essential to start planning compliance as soon as possible. The process of updating IT systems to meet regulatory requirements can be extremely complex.
Waiting too long could mean having to spend more money in order to get compliant on a tighter schedule. Delayed planning can also lead to costly lapses or mistakes. CCPA compliance requires a methodical approach. The best time to start is right now.
When should you engage with a specialized IT vendor?
Complying with the CCPA requires the right kind of expertise. Managed IT services providers work on many of these projects, understand the complexities of compliance, and have the time-tested experience to get the job done efficiently. If you haven’t done so already, consider engaging with an IT service provider as soon as possible.
An IT service provider can assess your current systems, outline the scope of the compliance project, give you an idea of the specific updates you’ll need to implement, and develop an overall strategy to ensure your dealership is ready by the CCPA’s effective date. On top of this, streamlined IT services can also save you money overall and even make other processes most efficient.
When choosing a managed IT services provider, make sure you choose one that specializes in, or is at least intimately familiar with, auto and truck dealer IT. Choosing a generalist when you need a specialist can be costly when it comes to the law.