CCPA Training Requirements

Training is required by CCPA. How do you ensure compliance?


Do you need CCPA training?

If an organization must comply with CCPA, then that organization must conduct CCPA training.

What organizations need to comply with the California Consumer Privacy Act (CCPA)? Organizations need to comply with CCPA if the organization stores or uses PII of California citizens. Similar to how GDPR applies to personally identifiable information (PII) of EU citizens, CCPA applies to PII of Californians. CCPA applies to organizations whether they have offices in California or not.

Also similar to GDPR, technology companies are the most impacted by CCPA because they cross borders seamlessly via the Internet, and technology business models and products often leverage PII.

If you work for a company that stores or processes California citizen data, you should receive some form of CCPA training so that you can understand the impact of CCPA on your job function and organization.

What training does CCPA require?

CCPA does explicitly define training requirements, though those requirements are vague.

Sections 1798.130 and 1798.135 of CCPA essentially say the same thing about training: ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Sections 1798.110, 1798.115, 1798.125, and this section, and how to direct consumers to exercise their rights under those sections.

Individuals that are consumer-facing should receive CCPA training. Given the growing importance of privacy to consumers, most employees should, at the very least, understand enough about CCPA to be able to direct inquiries to the right place and to understand the parties responsible for data privacy within their organization.

CCPA training should be conducted at onboarding for new employees, when changes are made to compliance policies and procedures, and on a regular cadence, with annual being the longest acceptable interval.

What does effective CCPA training look like?

Most organizations do not offer effective compliance training to their workforces. Current approaches to compliance training are outdated, generic, infrequent, and do not practically apply to the day-to-day work of employees, especially employees at technology companies. Employees represent the largest threat to corporate systems and data and are the most common cause of security incidents and data breaches. It has never been more important to get compliance training right.

Additionally, in order to effectively implement security by design and to ensure all employees are educated about data subject requests, every member of the workforce should be trained in compliance, privacy, and security as well as relevant CCPA rules.

At Day Zero, our team has designed and managed CCPA training programs. In order to be successful with training, CCPA training needs to be built into the culture of the organization. In our experience, the following elements are essential aspects of effective CCPA training.

  • Simple words. Technical jargon should not be used. Most employees don’t need to talk to auditors or interpret compliance frameworks. They need training they can understand.
  • Ongoing. Training starts at onboarding but should be continually delivered in snippets on a regular basis, at least monthly.
  • Specific to employee role. Specific training curriculum and snippets should be tailored to the specific roles of employees.
  • Engaging. Training should not be static. Employees should be asked to participate with feedback and fun quizzes.
  • Relevant to modern work. Work is done on computers in the office and on employee-owned phones at home. CCPA training needs to take this into account and incorporate lessons that apply to all of these settings.
  • Covers data subject rights. CCPA rules are explicit about the handling of data subject requests. CCPA training should address these new rights.

Day Zero offers CCPA training that ensures all of the above. In addition, we provide metrics to continually gauge and improve compliance training. Our customers lean on us to build a culture of privacy across their entire workforce. We are 100% focused on making sure your employees are properly trained and you have the proof you need to comply with CCPA.

Resources for CCPA training

Below are some links to learn more about CCPA training.