The Ticking Clock of CCPA Compliance for Manufacturers

The Attorney General (AG) has mandated July 2020 as the date to begin enforcement of the California Consumer Privacy Act (CCPA). The challenge for manufacturers can be seen in a recent PricewaterhouseCoopers survey of 300 U.S. companies showing only 44 percent of them are confident they will meet the requirements of the law by the deadline. With data privacy and security a priority, meeting the looming deadline in a cost-effective way is a major challenge for the entire sector.

Manufacturers considered covered businesses under CCPA must have protocols, mechanisms, and technology in place for consumers’ right to data access, deletion, opt-in/opt out and other CCPA requirements. Civil penalties from the AG can start at $2,500 per violation and go as high as $7,500.

Businesses across all manufacturing sectors are subject to CCPA compliance due to online information collection, product use, upstream customer/government contracts or embedded technology such as medical or IoT devices or the use of personal information for design or testing.

Developing these data collection/retention policies and the technologies necessary both internally and ensuring they meet third-party supplier and even supply chain end-point providers can seem a daunting task. Meeting the tenets of the law can affect everything from product design/development to website and product support, cloud strategy integration, and the crucial workflow and systems creation for managing data rights requests. This sets up the need for a compliance strategy where manufacturers must:

  • Show why they possess customer data
  • Fully map where the information goes, including across their supply chain
  • Keep the data safe at rest and in transit
  • Conduct due diligence and then establish controls across the manufacturing supply and value chain
  • Ensure vendors and third-party suppliers receiving data are compliant
  • Enact monitoring to ensure their vendors are in compliance with those data controls


Read through the full article here:

Company News
Jon Mendoza, CISO
Post by Jon Mendoza, CISO
June 15, 2020