What is the California Consumer Privacy Act (CCPA)?
August 8, 2019
CCPA is the new buzzword in today’s high-tech world. CCPA stands for “California Consumer Privacy Act”. Many are still not aware of what it actually is. CCPA is new legislation, passed in June 2018, right after the enactment of the European Union’s General Data Protection Regulation (GDPR) in May 2018. This blog is dedicated to CCPA and covers the aspects that concern a wide range of readers.
The original CCPA bill was issued quickly to forestall a ballot initiative, but the law has since been amended, and it is likely to be altered further. The amendments made in September 2018 included two key timeline adjustments, which gave companies and legislators some breathing room:
- The bill extends by six months the deadline for the California Attorney General (AG) to draft and adopt the law’s implementing regulations, from January 1, 2020, to July 1, 2020;
- The bill extends the AG’s ability to bring enforcement actions under the CCPA until six months after publication of the implementing regulations or July 1, 2020, whichever comes first.
Despite the ongoing discussions, it is essential for companies to set up a plan for the core CCPA requirements. Whatever is amended, the intent behind consumer privacy and consumer data rights will remain the same. Adhering to these guidelines will demand a significant investment in data governance (DG) and master data management (MDM) capabilities.
Is CCPA compliance a serious matter?
Just as GDPR makes non-compliers pay massive fines, CCPA tends to do the same. It has stringent rules for those who ignore data privacy compliance. Penalties are significant, and potentially crippling if systemic problems lead to widespread violations. Fines can reach up to $7,500 per violation, followed by a payout to California citizens of approximately $750 per incident or actual damages, whichever is greater.
One can easily avoid the penalties, but if caught in suspicious activity, the consequences would be worse. Whether or not a company otherwise adheres to CCPA compliance, a single unauthorised sale, share or transfer of consumer data will make it pay $750,000 per batch of 1,000 customers.
So, when can we “Evaluate – Remediate – Accelerate”?
There is no need to panic: CCPA will not come into effect until January 2020. Still, GDPR has already taught companies that one year, more or less, is insufficient to analyse and act.
Understanding your current situation is imperative before jumping to some known compliance method or plugging security gaps. Data management, security management, and business processes can be complicated and can lead to issues and gaps that were not apparent.
You must know your company’s processes. CCPA has a broad description of personal information, so it is up to each company how it defines personal data. Ensure that your definition of personal information includes all potential identifiers, including standard personally identifiable information (PII), biometric data, geolocation data, browsing history, employment information, etc.
Another thing that requires your attention is data management. Knowing how data is mapped out in your company is hugely important. How is it stored? To whom is the data passed? Who is accessing it? Is the data identifiable, and how? Awareness is needed not only of the data but also of who is governing it; both are equally important.
Compliance is vital but cannot be achieved in a single shot; it will take several rounds of evaluation and practice. With little time remaining before CCPA enforcement, organisations are left with no option except to take a risk-based approach to closing identified gaps.
In such cases, when the timeline is short and enforcement is ahead, adopt cyber security best practices rather than developing your own framework. We have seen our clients use the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and the Center for Internet Security’s Critical Security Controls (CIS CSC). These are useful frameworks when addressing GDPR compliance issues. The good news is that the same frameworks can be applied to CCPA.
With each passing day, people grow more curious about whether their data is being handled diligently. Since last year, GDPR has raised this awareness among the public, and it will grow further in the coming years.
High-profile data breaches and controversial use of personal information by reputable companies have raised the profile of this issue. Regulators care about the confidentiality of people’s data. That is why GDPR came into effect in May 2018, and CCPA has already created a buzz in the tech world. The need to be prepared for CCPA has now taken root. Those who constantly operate in “reactive” mode will eventually be overwhelmed. Once CCPA is dealt with, enterprises should plan to go forward and refine their data management strategies, so as to be prepared for future legislation and to meet the standards of CCPA and GDPR.
Your solution is already here.
Seers Company is well known for addressing cyber security issues. We do our best to help organisations of any size or type reduce cyber security and information security risks. We offer a reviews-based marketplace where you can get in touch with data protection experts and ensure you’re fully GDPR-compliant. Seers can be trusted to deliver managed security solutions for wide-ranging business needs.