Technically, complying with CCPA doesn't require adding a new policy, instead it requires that your PRIVACY POLICY is updated so that it provides notice to customers of what you will be doing with their data, and how they can contact you to amend or remove this data. If you don't have a full time privacy team, you may want to have outside counsel assist you with these changes.
For your personal edification, this webinar from OneTrust provides an overview of the policy changes required in order to be compliant:
CCPA Privacy Policy & Notice RequirementsHope this helps!
------------------------------
Kate Wakefield, CISSP / CIPT / CRISC
Sr. Mgr. Security Compliance
------------------------------
Original Message:
Sent: 09-15-2022 04:22 PM
From: Jenna Stricker
Subject: CCPA Policy
Does anyone have a CCPA policy template they're willing to share? Happy if it has redacted company information. Our sister company just acquired an additional bank, thus pushing into the category for CCPA and I would love to provide some examples being used in the wild. Thank you!