The California Consumer Privacy Act (CCPA) became law on January 1, 2020, which means your business should be taking special precautions with your customer and vendor data.
The CCPA features a large number of requirements for data collection and privacy, and these requirements can create extra work for your business. You will be glad to hear that CCPA and Sage 100cloud work well together to save your time and protect data privacy.
Here is a quick guide to how you can use Sage 100cloud to meet your CCPA requirements.
What Does CCPA Require and Which Businesses Must Comply?
According to the CCPA, companies that work with Californians must, upon request:
- Disclose what data is being collected and how the data is used
- Delete that data
- Stop selling the data
This law applies to nearly every business in the United States (and many across the world) because Californians may visit your business website or request that your products be shipped to their state.
However, not all organizations that conduct business with Californians must comply with the CCPA. The CCPA only applies to your business if it meets one or more of the following requirements:
- Has annual gross revenues exceeding $25 million
- Keeps or sells Personal Information (PI) on 50,000 or more consumers, households, or devices (alone or in combination with another business)
- Derives 50% or more of annual revenues from selling Personal Information (PI)
The CCPA also applies to companies that are controlled by businesses that fulfill one or more of these requirements, or that share branding with such businesses.
What Is Personal Information (PI)?
Personal Information (Pl) is a broader category than Personally Identifiable Information (Pll), which was previously restricted by existing data laws.
- Personally Identifiable Information (PII) identifies a specific person directly. Examples include names, birthdate, and SSNs.
- Personal Information (PI) can be used, in context, to directly or indirectly identify a person. Examples include everything under the PII category, as well as device IDs, location data, network addresses, and cultural or social identities.
PI is clearly much broader than PII, and the CCPA differs from previous data privacy laws in the U.S. by requiring that eligible companies protect PI. Penalties for non-compliance can be up to $7,500 per violation.
3 Ways Sage 100cloud Helps Protect Consumer and Vendor PI
1. Add data tracking capabilities using Custom Office
Your business can use Custom Office flexibility to flag information that is routinely sold or shared as part of your business process.
2. Delete inactive customers, upon request
New features in Sage 100cloud make it possible to encrypt personal information of “inactive” customers or vendors after an appropriate time has passed (such as after conclusion of business or after sending vendor 1099s) or upon request.
3. Encrypt data for “inactive” customers
To better secure data for your inactive customers or vendors, you may want to encrypt PI in your system. Sage 100cloud 2020 offers a way to do this easily and quickly, with the option to de-encrypt the data when the customer returns to “active” status.
Encrypted PII will no longer appear in reports or task windows and cannot be viewed in Data File Display and Maintenance. It cannot be accessed through Visual Integrator or through external reporting using ODBC.
To encrypt customer and vendor data:
- Ensure the customer or vendor is inactive. Sage 100cloud includes rules that automatically prevent inactive status for contacts with unfinished business, such as open orders or unpaid invoices.
- Select the padlock image, which encrypts the data.
The Sage 100cloud system will confirm that you want to encrypt customer data. This action requires specific permissions in your Sage system.
After confirmation, the system will display a progress bar as it encrypts all connected customer or vendor info, including addresses, invoices, orders, and more.
Once encrypted, the customer or vendor record will display its status, if that record is accessed. The encryption process used is the same as the one used in Payroll.
When a customer returns to active status, Sage 100cloud will de-encrypt the customer record. The system will first confirm that the user (you or an employee) intends to reactivate the customer or vendor.
CCPA and Sage 100cloud: The Combination That Works for You
CCPA is not the only data protection regulation in existence. In fact, lawmakers across the U.S. are swiftly drafting additional data privacy regulations for other states, as well as for the federal government.
The biggest takeaway that business leaders should gain from the CCPA is that the old approach to data, in which the strategy was to collect and keep as much of it as possible, is changing. In this new age of consumer-driven data privacy protection, businesses must understand the rules that apply to them and modify their data-handling processes and procedures to fit the new requirements.
To assist you, Sage is committed to providing capabilities and functionality to support better data management. Sage and SWK Technologies can help you understand your requirements and implement policies and processes that help you comply with the evolving laws.
Take the Next Step: