The California Consumer Privacy Act (CCPA) was enacted in June 2018 and goes into effect on January 1, 2020. The CCPA creates privacy rights similar to the rights provided in the European Union’s General Data Protection Regulation (GDPR). The CCPA protects consumers who are in California for anything other than a temporary or transitory purpose. The CCPA also protects consumers who are domiciled in California but are currently outside the State for a temporary or transitory purpose. The term “consumers” is broadly interpreted and includes customers of household goods and services, employees, and Business-to-Business transactions.
The law protects all personal information that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular consumer or household. There are many enumerated rights, such as the right of privacy notice/information, the right to opt-out for personal information sales, and the right of deletion of personal information (the right to be forgotten).
The penalties for non-compliant businesses include steep fines, class-action lawsuits, and injunctions. Non-compliant businesses are subject to pay damages between $100 and $750 per consumer, per incident, or actual damages, whichever is greater. Further, the California Attorney General may bring actions for civil penalties of $2,500 per unintentional violation, or up to $7,500 per violation if intentional.
Elevate’s Data Privacy Experts can help you with the following offerings:
CCPA Gap Analysis
In conducting a gap analysis, we would benchmark your policies and procedures against the requirements contained within the CCPA. This process will identify compliance gaps whereby our team can them help determine the plan to bridge those gaps.
Privacy Program Design and Implementation
We bring you our experience to design and implement privacy program functions, including:
- Right of Privacy Notice / Information
- Right to Opt-Out for Personal Information Sales
- Right of Deletion of Personal Information
Understanding how you collect, process, transmit and store data, as well as how you use it and who uses it in your organization, is the foundation of your Data Privacy Program and the key to complying with most privacy regulations. However, we find that in many cases the exact data flow of the sensitive data is unclear and not well documented enabling exposure and increasing the risk of data loss.
What we do:
- We seek to understand the information life cycle of sensitive information for key processes throughout the business.
- We evaluate the strength and effectiveness of controls and safeguards.
- Create a master repository of information life cycle details, including data element types, collection mechanisms, transfers, privacy and security practices and transfers to third parties.
- Establish a sensitivity index to focus control enhancements on areas of highest privacy and security risks.
- We identify the high-risk vendors, data flows, and IT systems surrounding CCPA requirements, focusing on areas of remediation and maintaining process activities in congruence with the CCPA.
This is done with both, manual and automated techniques, to gather and document the entire picture.