CCPA is live: Is your organization ready?


19/12/2019

By Peter Duthie, Co-CEO and Chief Architect at Ground Labs

GDPR. CCPA. PDPA. HIPAA. The alphabet-soup of data privacy regulations continues to grow with more industries across additional regions and state lines enacting new rules that require compliance. In today’s global economy, regulations impacting just one state, one country or one industry affect organizations worldwide. The pressure is on for companies to stay compliant across regulations — and furthermore, prove it. 

The latest regulation to go live is the California Consumer Privacy Act (CCPA). 

What is CCPA and does it affect my business? 

With CCPA, California becomes the first U.S. state to enact GDPR-like protections for its residents, affecting every organization that conducts business in the state. Like GDPR, CCPA requires organizations to inform consumers about the Personally Identifiable Information (PII) they collect and share, while empowering consumers to access and delete their PII via a request to the organization collecting it. It is therefore critical that organizations know exactly what PII they hold and where it resides, or they risk facing significant consequences.

Unlike its older sibling, GDPR, which imposed fines based on the levels of violation, CCPA allows individuals affected to pursue legal remedies against non-compliant companies. Under CCPA regulations, companies could be liable up to $2,500 per individual violation for a data breach — numbers that could easily become staggering.  

How are businesses preparing for CCPA?

Major companies like Microsoft are vowing to adhere to CCPA on a national level, a strategy that sits well with U.S. consumers who are demanding greater privacy in the wake of this past year's exploitations. Microsoft's move is in line with how we've seen most organizations conduct business under GDPR: it is easier to comply more broadly, and doing so proactively sets you up for success when future regulations arrive.

To help organizations prepare for the CCPA regulation, we’ve come up with five tips for achieving compliance.

1. Conduct a full data audit by mapping out where all PII data lives within your organization. It’s also imperative to know where it came from, who has access to it and what it’s being used for.

2. Ensure your customers understand their key rights related to their PII data:

  • The right to know what personal information is being collected, used, shared or sold, both as to the categories and the specific pieces of personal information;
  • The right to delete personal information held by businesses and by extension, a business’s service provider;
  • The right to opt-out of the sale of personal information;
  • The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

3. Expand consent notices that outline the above rights to reach every bit of publicly facing collateral; websites, marketing materials and third-party contracts are all great places to start.

4. Create business strategies and internal processes to address the following business obligations outlined by the CCPA:

  • Organizations must provide notice to consumers at or before data collection.
  • Organizations must create procedures to respond to requests from consumers to opt-out, know and delete. (For requests to opt-out, businesses must provide a “Do not sell my personal information” link on their website or mobile app.)
  • Organizations must verify the identity of consumers who make requests to know and to delete personal information, whether or not the consumer maintains a password-protected account.
  • Organizations must disclose financial incentives offered in exchange for the retention or sale of consumer’s PII data.
  • Organizations must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.

5. Appoint someone within your organization to drive the compliance movement. Although this person will oversee efforts, it’s the responsibility of every department and individual to ensure compliance.

Choose the right partners and technologies

Data discovery solutions like Enterprise Recon from Ground Labs are powerful tools for the discovery and remediation of PII data, while providing the help and proof organizations need to demonstrate their compliance with CCPA. It's important to keep in mind that compliance is not a destination but rather a journey — which is why it's key to have a trusted partner who can help you navigate the ever-changing and challenging compliance landscape. Furthermore, taking a leaf out of Microsoft's strategy, it's important for organizations to look at CCPA and GDPR as a way to demonstrate to current and future customers and employees that their data matters and that, as a company, you're taking proper steps to make sure it's secure. This then becomes a proactive approach to data security rather than damage control post-breach, one which is increasingly valued and expected by consumers.

For more information about CCPA and what it means for your business, visit the CCPA's official Fact Sheet.


Copyright © 2020 Ground Labs Pte Ltd – All rights reserved
