A common misconception is that IT teams can manually compile a list of sensitive data.
There is no all-encompassing law in the US that regulates the collection, storage, or use of personal information. With the evolving data privacy landscape, the California Consumer Privacy Act (CCPA) will take effect on January 1, 2020. It aims to introduce new rights for California residents, mandating that businesses within scope address their security and privacy frameworks or face fines for non-compliance. CCPA extensively supports the data privacy rights of consumers and requires organizations to be significantly more transparent about how they collect, use, and disclose residents’ personal information. Among other things, the CCPA also grants California residents the ability to request the data that businesses collect on them, to request deletion of their data, and to opt out of having their data sold to third parties.
CCPA affects your organisation if you collect and process data of California residents and meet at least one of the following thresholds:
- Annual gross revenues of at least $25 million
- Obtain personal information of at least 50,000 California residents, households, and/or devices per year
- At least 50% of the annual revenue is generated from the sales of California residents’ personal information
Thus, CCPA affects not only California-based companies but any organization that does business with California residents, thereby potentially possessing Californians’ personal data.
Steps for being CCPA compliant
Many organizations are making necessary structural changes in their privacy policies to incorporate CCPA requirements. Organisations should leverage this new law as a stepping stone to build a robust privacy program. Under CCPA, companies under scope are expected to build strong compliance frameworks and implement requisite privacy controls. Steps towards being a CCPA compliant organization include:
- Identification and mapping of all personal information under the organization's control.
- Organizations ensuring that all of their third-party vendors perform the above step and share their results as well.
- Organizations updating privacy disclosures and strengthening their data security measures.
Achieving CCPA compliance is likely to take organizations a lot longer than one may think. Recent research by PwC estimates that only about half of US businesses affected by the CCPA expect to be compliant by the deadline [1].
CCPA has started a strong domestic data privacy wave in the US. Several other US states have introduced bills modeled on CCPA and require companies to furnish notice of the types of personal information collected along with the list of third parties to whom they disclose this information. Washington has proposed requirements that mirror the GDPR, such as defined roles for controllers and processors and the right to correct information [2].
How can Kogni help solve the CCPA challenge?
Organizations must take a holistic approach to CCPA compliance by leveraging a comprehensive enterprise data security tool. With the support of this tool, organizations can identify where their personal data resides and how it is used; streamline the ability to act when consumers exercise their rights to information and deletion; and manage opt-outs relating to the sale of personal information. Kogni addresses these key CCPA requirements and sets organizations in the right direction for supporting a data security and privacy program that addresses the tenets of the regulation. Kogni ensures compliance with data governance initiatives by monitoring for policy violations and deviations from established organization standards. Kogni helps secure sensitive data in both structured and unstructured datasets in both on-premise and cloud data stores.
These capabilities make Kogni the most comprehensive, intelligent and advanced all-in-one data security solution in the market for complying with cumbersome regulations such as the CCPA.
Organizations across the globe are asking this question: Is it already too late to meet the CCPA deadline? Thankfully, it’s still possible to prepare for and meet the January 2020 deadline for CCPA compliance — but the time to start is now. For a comprehensive free data-centric security risk evaluation, please reach out to Kogni at firstname.lastname@example.org or visit us at kogni.io
1. Nicholson J. (April 2019). CCPA Is Coming: Time to Wake Up and Smell the Legislation. Retrieved from https://www.cmswire.com/digital-marketing/ccpa-is-coming-time-to-wake-up-and-smell-the-legislation/
2. Johnson R., Rabkin J., Tobitsch K., Everett J., Mckenzie M. (February 2019). United States: States Propose Bills With CCPA-Like Provisions. Retrieved from http://www.mondaq.com/article.asp?article_id=785886&signup=true
3. Alikhani K. (June 2019). Regulatory Disruption: Is Your Business Ready To Comply With The CCPA? Retrieved from https://www.forbes.com/sites/forbestechcouncil/2019/06/06/regulatory-disruption-is-your-business-ready-to-comply-with-the-ccpa/#11e0cf1545ee
4. Jones D. (May 2019). How Enterprises Are Preparing for CCPA, California’s Version of GDPR. Retrieved from https://www.cmswire.com/information-management/how-enterprises-are-preparing-for-ccpa-californias-version-of-gdpr/