CCPA (California Consumer Privacy Act) Compliance
Soon after the GDPR became enforceable on May 25, 2018, the state of California passed its Consumer Privacy Act of 2018. The CCPA became effective on January 1, 2020. Similar to its European counterpart, this state legislation demands that organizations managing the personal data of Californian citizens need to put measures in place to protect the information under their care.
The California Consumer Privacy Act of 2018 (CCPA) has transformed the way enterprises have traditionally stored, processed, and sold personal consumer information. Its primary goal is to protect individual privacy and allow consumers to access their data as well as opt-out of having it shared with third parties.
In addition to the stated consumer rights, the CCPA also provides California residents with the ‘right to be forgotten. The right to be forgotten is the right to have negative private information about a person removed from Internet searches and other directories under some circumstances. It also allows organizations to compensate consumers if they agree to the sale of their personal data.
With an effective date of January 2020, organizations need to comply with the provisions of this act. They need to have the appropriate systems and processes in place to implement the requirements.
CCPA Compliance Thresholds
Like the GDPR, the reach of the CCPA is not limited to organizations that are residents in California. Any enterprise that stores or processes the information of any California resident and exceeds any of these three thresholds needs to comply with CCPA regulations:
- Any business that has an annual gross revenue that exceeds $25 Million.
- Any enterprise that derives 50% or more of its annual income from selling personal information.
- Any organization that buys or receives the personal information of more than 50,000 consumers, households, or devices annually.
CCPA Compliance Requirements
If your organization processes or stores the information of California residents and exceeds any one of the three thresholds listed above, you will need to comply with the stipulated provisions of the CCPA. These compliance requirements include:
- Informing consumers of the type of personal information your business will be collecting, storing, or processing.
- Clearly defining the purpose and outlining the reason behind the personal data being gathered.
- Implementing the appropriate measures to respond to individual consumer requests regarding their personal information and consumer rights.
Many significant challenges exist for organizations that are subject to CCPA requirements. Identifying and managing California resident data, developing the tools and processes to comply with the requirements, and procedures for responding to individual requests are all essential capabilities that must be implemented and documented. 24by7 Security can assist your company in achieving these goals.
Our Services for CCPA compliance include:
- Readiness/Gap Assessment
- Policy and Procedure Development
- Data Privacy Review and assessment.
WEBINAR ON DEMAND: Click on image to register and view this informative webinar