CCPA - The New Law Delivering GDPR-Style
Privacy To California
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The CCPA provides consumers who are residents of California a number of rights and and has often been compared to the General Data Protection Regulation (GDPR) enacted by the European Union on May 25th, 2018.
Organizations that collect, consume, sell and retain personal information on California residents will be legally obligated to adhere to the CCPA. Consumer data is certainly a strategic business asset but also a significant liability demanding thoughtful handling.
While the implementation is slated for next year (unless the data of implementation is amended by California Senate Bill SB-1121 or other mechanism) the current expectation is that record keeping, data mapping and subsequent actions be available to consumers related to data collected during the calendar year 2019.
The CCPA will provide consumers with these rights:
- Know what personal information is being collected about them
- Know if their personal information is sold, to whom and for what purpose
- The ability to opt OUT of the sale of their personal information to third parties
- The need to opt IN for those under 16, aligning with Children’s Online Privacy Protection Act (COPPA)
- Easier path to legal action following a breach
- Equal service and price regardless if they exercise their privacy rights or not
The CCPA applies to any for-profit legal entity, anywhere in the world, that is ‘doing business’ (collecting personal information as they sell goods or services) to California residents, who meets any one of these three criteria:
- Annual revenue of $25 million or more
- Buy, sell, receive, or otherwise trade “the personal information of 50,000 or more [California residents], households, or devices”
- Derives 50% of their revenue from selling California residents’ personal information
Civil penalties imposed under the CCPA will be limited to $2,500 for each violation or up to $7,500 per each intentional violation. Additionally, violating entities can be subject to an injunction.
- January 2019 – The California legislature will entertain additional language and consider areas of the law that require additional clarification
- August 31, the California legislature adopted technical amendments, which further refined a number of terms and concepts in the CCPA.
- January 1, 2020 - Effective date for CCPA as law.
- July 1, 2020 – Deadline for the California Attorney General to draft and adopt the law’s implementing regulations.
- July 1, 2020 or 6 months after implementation (whichever comes first) enforcement actions delayed under the CCPA.
Supporting CCPA Compliance
The industry-leading Boldon James Classifier is designed to reduce data loss incidents and improve DLP solution effectiveness. Visual labelling enhances your workforce’s awareness of the value of the data they are using, whilst metadata labels facilitate more effective application of data security, data management and retention policies.
Boldon James Data Classification products can support compliance with CCPA by:
Ensuring appropriate control
of confidential or sensitive information
Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements
Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information
Educating users about the sensitivity of data whilst ensuring adherence to corporate policy
Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities
Enabling rapid search and data retrieval based on classification labels to support subject access requests
Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management
Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements
With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.
We integrate with powerful data security and governance ecosystems.
We protect business critical data, improve data control and reduce risk.
We deliver improved and streamlined business performance.
We are a “safe pair of hands” that constantly deliver success.