The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance.
Specifically, the Regulations require that people who handle inquiries related to a business’s privacy practices, CCPA compliance or CCPA-related consumer requests be trained in all aspects of the CCPA, including the Regulations. This expands a lesser requirement in the CCPA that originally required these individuals to understand only certain applicable portions of the CCPA related to consumer requests. The Regulations also require training that includes explanations to consumers of how they can exercise their CCPA rights. To accomplish this, businesses are required to develop, document and comply with a CCPA training policy. Continue Reading