Epicor is committed to data security and privacy—for both itself and its customers and will comply with the California Consumer Privacy Act (CCPA) as it comes into effect. While Epicor CCPA compliance will contribute to its customers CCPA compliance status, compliance is a shared responsibility.

Epicor is committed to assisting its customers in complying with the CCPA requirements through product functionality for personal information access and deletion requests, and continues to work on enhancements to help support its own compliance and that of its customers.

What is CCPA?

The California Consumer Privacy Act (CCPA) enters into effect on January 1, 2020. The law introduces new privacy rights for consumers and requires certain companies doing business in California to enhance their consumer data protection processes.

The new rights given to California consumers are similar to the rights provided by the General Data Protection Regulation (GDPR) in the European Union (EU). The CCPA also subjects non-compliant businesses to fines, class-action lawsuits, and legal action.

The CCPA requires that all in-scope companies who use personal information must comply with requests from individuals to report on what data is collected, how it is used, and even delete the personal information upon request subject to certain exceptions.

All in-scope companies doing having business in California will need to modify their operations, policies and procedures to comply with CCPA.

Who is impacted by the CCPA?

CCPA applies to for profit companies doing business in the state of California that meet one of the following three criteria:

  • At least 25,000,000 USD annual gross revenue, or
  • Annually receives the personal information of 50,000 or more consumer records, households or devices, or
  • At least 50% of the annual revenue comes from selling California residents’ personal information

Companies have to evaluate their personal information management processes and amend non-compliant practices by January 1, 2020.

What does the CCPA provide?

CCPA provides consumers with the following rights:

  • Access to their personal information collected by the business
  • Delete any personal information stored by the business, subject to certain exceptions
  • Opt-out from selling personal information to third parties
  • Receiving the same products or services even if he/she exercises the above rights

Businesses have to provide at least two ways to their consumers to exercise their rights:

  • Phone call
  • Web-based form

 

Penalties

Businesses have 30 days to comply CCPA after a noticed violation. Civil penalties may range from 2,500 USD to 7,500 USD per violation.

 

What do I need to think about regarding CCPA?

Your systems and software are important considerations when striving to meet the requirements of the CCPA, and should be part of adopting a robust organization-wide approach to CCPA compliance. Much of what is required to meet the requirements of the CCPA is process related, and organizations should consider the following:

  • Identify the personal information you have, where it resides, and how it is used
  • Identify any third-party organizations that have access to personal information of consumers. Confirm if personal information is sold to or shared with third parties and the purpose of such sharing
  • Implement robust governance on how personal information are accessed and used
  • Establish appropriate security controls to protect the confidentiality, integrity and availability of personal information
  • Respond to requests from individuals asserting their right to access and right to deletion of their personal information  within 45 days; and
  • Maintain documentation of compliance, including records of processing activities and responses to requests from individuals for at least 2 years

 

What will Epicor provide me to help my organization comply with CCPA requirements?

Epicor is committed to data security and privacy—for both itself and its customers— around the world.

CCPA compliance is a shared responsibility between Epicor and our customers. Epicor products and services can contribute to your CCPA compliance when they process personal information. For example, our products and services provide functionality to help meet individual rights requests. Products and services, including Epicor’s hosted solutions, have security measures and access controls. Organizations can incorporate the functionality and procedures in Epicor’s products and services to help them meet their CCPA compliance obligations.

Epicor is further committed to assisting our customers in complying with the various requirements applicable to their business— including CCPA. Thus, Epicor continues to monitor changing laws and best practices to help enhance our products, contracts, and documentation to help support our customers’ compliance with legal obligations—including the CCPA.