By Peter Duthie | 19/12/2019
By Peter Duthie, Co-CEO and Chief Architect at Ground Labs
GDPR. CCPA. PDPA. HIPAA. The alphabet-soup of data privacy regulations continues to grow with more industries across additional regions and state lines enacting new rules that require compliance. In today’s global economy, regulations impacting just one state, one country or one industry affect organizations worldwide. The pressure is on for companies to stay compliant across regulations — and furthermore, prove it.
The latest regulation to go live is the California Consumer Privacy Act (CCPA).
What is CCPA and does it affect my business?
With CCPA, California becomes the first state to enact GDPR-like protections for its citizens, impacting all organizations that conduct business in the state. Like GDPR, CCPA requires organizations to inform consumers about the Personally Identifiable Information (PII) data they collect and share, while empowering consumers to access and delete their PII data via a request to the organization collecting it. Therefore, it’s critical that organizations know exactly what PII data they have, and where it resides, or they risk facing significant consequences.
Unlike its older sibling, GDPR, which imposes fines based on the level of violation, CCPA allows affected individuals to pursue legal remedies against non-compliant companies. Under CCPA regulations, companies could be liable for up to $2,500 per individual violation for a data breach — numbers that could easily become staggering.
How are businesses preparing for CCPA?
Major companies like Microsoft are vowing to adhere to CCPA on a national level, a strategy that sits well with U.S. consumers who demand greater privacy in the wake of the past year’s exploitations. Microsoft’s move is in line with how we’ve seen most organizations conduct business under GDPR: it’s easier to comply more broadly, and doing so proactively sets you up for success when future regulations arrive.
To help organizations prepare for the CCPA regulation, we’ve come up with five tips for achieving compliance.
1. Conduct a full data audit by mapping out where all PII data lives within your organization. It’s also imperative to know where it came from, who has access to it and what it’s being used for.
2. Ensure your customers understand their key rights related to their PII data:
3. Expand consent notices that outline the above rights to reach every bit of publicly facing collateral: websites, marketing materials and third-party contracts are all great places to start.
4. Create business strategies and internal processes to address the following business obligations outlined by the CCPA:
5. Appoint someone within your organization to drive the compliance movement. Although this person will oversee efforts, it’s the responsibility of every department and individual to ensure compliance.
Choose the right partners and technologies
Data discovery solutions like Enterprise Recon from Ground Labs are powerful tools for discovering and remediating PII data, while providing the help and proof organizations need to demonstrate their compliance with CCPA. It’s important to keep in mind that compliance is not a destination but rather a journey — which is why it’s key to have a trusted partner who can help you navigate the ever-changing and challenging compliance landscape. Furthermore, taking a leaf out of Microsoft’s book, organizations should look at CCPA and GDPR as a way to demonstrate to current and future customers and employees that their data matters and that, as a company, you’re taking proper steps to make sure it’s secure. This becomes a proactive approach to data security rather than damage control post-breach, one which is increasingly valued and expected by consumers.
For more information around CCPA and what it means for your business, visit the CCPA’s official Fact Sheet.