California Consumer Privacy Act

We can help you become compliant!

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a state law that gives residents the right to access, delete, and opt out of the sale of their personal information. It affects any business that operates in California, collects personal data from consumers, and meets at least one threshold based on annual gross revenue, number of consumers, or revenue from selling consumer information. The CCPA applies to customer, vendor, and employee information, and companies have 30 days to comply after being notified of a violation. Non-compliance can result in fines of up to $7,500 per record and class action lawsuits for damages. The CCPA covers personal information such as real names, IP addresses, and purchase history, among others. We at Software Profiles can help you prepare an information catalog, lay out data access and deletion policies, deploy a central information management system, and assist in defining policies for legal and HR teams.

Which companies does the CCPA affect?

  • The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
      – Has annual gross revenues in excess of $25 million;
      – Buys or sells the personal information of 50,000 or more consumers or households; or
      – Earns more than half of its annual revenue from selling consumers’ personal information
  • Companies don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States.
  • As of now, it applies to information about customers (both individuals and entities), vendors, and employees.

NOT in compliance?

  • Companies have 30 days to comply with the law once regulators notify them of a violation. If the issue isn’t resolved, there’s a fine of up to $7,500 per record.
  • The bill also provides an individual right to sue, and it allows class action lawsuits for damages.

What data does the CCPA cover?

Here’s what the CCPA considers “personal information”:

  • Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
  • Internet or other electronic network activity information
  • Products or services purchased
  • Geolocation data
  • Besides other data…

How we can help!

  • Prepare an information catalog: Organizations must understand what personal data resides in their systems, both at rest and in transit.
  • Lay out policies for data access and deletion: Organizations will need to consider how they will manage these requests from a technical perspective. How can you delete the data? Is there a legitimate business need to retain it?
  • Deploy a central information management system: Organizations must be able to answer consumer requests to see what information is stored, and must have a safe, systematic way to handle those requests.
  • Create a system inventory (old systems, new systems, upcoming systems, abandoned systems, vendor systems)
  • System Data Analysis
  • Interview each application owner to understand and confirm the data
  • Rank systems according to the data they hold
  • Map all system data that falls under CCPA compliance
  • Assist the Legal team to define policies
  • Assist the HR team