The California Consumer Privacy Act (CCPA) is here: we’ve put together a readiness checklist to help organizations get prepared.
Click here to download the checklist for yourself – or read on for a quick primer on the CCPA!
What is the CCPA?
The California Consumer Privacy Act is an upcoming data privacy regulation that comes into effect on January 1, 2020. It’s designed to protect California consumers’ data, and to motivate (and enforce) all organizations that deal with California resident information to take their responsibility to safeguard consumer data seriously.
The CCPA puts data rights back into the hands of consumers – from understanding how their data is being used, to having a say in sharing their data with third parties, to promoting an expectation of protection and privacy of personal and customer data.
Who does the California Consumer Privacy Act protect?
Any individual who is a California resident, or any household, that can reasonably be identified, including by any unique identifier.
What type of data are organizations responsible for?
The CCPA extends the definition used by more traditional privacy regulations, declaring that all personal information is covered under the regulation. The CCPA now defines personal information to include any data that may be reasonably associated, linked or related to a CA resident and household.
Personal data includes both direct identifiers like Social Security numbers, phone numbers, and license plate patterns – as well as inferred identifiers, which could include anything from nickname to geolocation history to shopping history.
Territorial Scope of the CCPA
Effectively, any company that collects personal data of California residents and households is required to comply with the CCPA. This includes parent and subsidiary companies that share common branding. Google, for example, is established in CA; therefore all Google subsidiaries are likely affected (whether or not they are based in California).
Penalties & Enforcement for the CCPA
- The California Attorney General can levy penalties based on privacy violations and data breach notification requirements: a penalty of up to $7,500 for a violation, and up to $750 in civil damages per user.
- The CCPA grants explicit rights for individuals to file claims for privacy loss and/or compromised identities.
- The regulation introduces a private right of action if an organization does not have adequate security policies and practices in place to prevent a data breach.
- Right to know: Consumers (regular folk) have the right to know what personal data is being collected, analyzed, and monitored
- Right to opt-out: Consumers have the right to opt out of having their data sold to or shared with third parties
- Right to delete: Consumers have the right to request that their data be deleted (or reasonably quarantined)
- Right to equal service: Consumers have the right to equal service regardless of whether or not they choose to share their data with third parties (or request that it be deleted).
What the CCPA Means for Organizations
Know whose data you collect, what that data is, and where it lives. Organizations need to maintain opt-out records for the duration of the consumer request, be able to see who has access to consumer data, identify data by category, and manage & protect any data associated with a CA resident identity.
Download the CCPA readiness checklist to break down 5 areas you need to cover in order to be CCPA compliant, including:
- Map and inventory customer data
- Automatically fulfill consumer data rights
- Define breach thresholds & privacy team workflows for breach response
- Validate and test everything from access requests to data sharing to security policies.
How BigID Helps with the CCPA
BigID enables organizations to meet and manage CCPA requirements with an automated, scalable approach to discover, map, and manage personal information that falls under the CCPA. With BigID, organizations can:
- Discover and classify all CCPA impacted data across enterprise data sources
- Index CCPA by individual to automate data rights
- Operationalize data flow mapping and monitoring through data intelligence
- Integrate with workflows for end-to-end orchestration
- Fulfill data subject access requests (DSARs)
- Manage, monitor, and validate third-party data sharing
Get a demo to see how BigID helps organizations get ahead of the CCPA – from DSAR fulfillment to third-party data sharing.