Consumer Privacy Act (CCPA)
We can help you to be compliant!!!
What is the CCPA?
Under the CCPA, California residents will have rights to access their personal information, to have it deleted and to opt out of its “sale” (defined broadly to include any disclosure in exchange for something of value). The law also raises the stakes in the event of a data breach by creating a class action right and statutory damages without having to prove actual losses.
The law goes into effect on January 1, 2020.
Which companies does the CCPA affect?
- The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
  – Has annual gross revenues in excess of $25 million;
  – Buys or sells the personal information of 50,000 or more consumers or households; or
  – Earns more than half of its annual revenue from selling consumers’ personal information.
- Companies don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States.
- As of now, it applies to the information regarding customers (both individuals and entities), vendors and employees.
NOT in compliance?
Companies have 30 days to comply with the law once regulators notify them of a violation. If the issue isn’t resolved, there’s a fine of up to $7,500 per record.
The bill also provides an individual right to sue, and it allows class action lawsuits for damages.
What data does the CCPA cover?
Here’s what CCPA considers “personal information”:
– Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
– Internet or other electronic network activity information
– Products or services purchased
– Geolocation data
– Among other data…
How we can help!
- Prepare an information catalog: Organizations must understand what personal data resides in their systems, both at rest and in transit.
- Lay out policies for data access and deletion: Organizations will need to consider how they will manage these requests from a technical perspective. How can you delete the data? Is there a legitimate business need to retain it?
- Deploy a central information management system: Organizations must have the ability to answer consumer requests to see what information is stored, and a safe, systematic way to handle those requests.
- Create a system inventory (old systems, new systems, upcoming systems, abandoned systems, vendor systems)
- System Data Analysis
- Interview each application owner to understand the data and confirm
- Systems ranking according to the data
- System data mapping of all the data that falls under CCPA compliance
- Assist the Legal team to define policies
- Assist the HR team