5 EASY STEPS TO COMPLY WITH CALIFORNIA CONSUMER PROTECTION ACT (CCPA)
The California Consumer Protection Act (CCPA) went into effect on 1st January 2020 and gave California residents rights over their personal data. The legislation mandates organizations to be better custodians of consumers’ personal data. While the Act is in effect, several companies are still only beginning to understand this legislation and its implications.
Last week, we held a webinar to simplify this complex legislation and help you with 5 simple tips to comply with CCPA. We collaborated with our partner Securiti.ai to help you understand this law. Our speakers, Faisal Basar, Chief Technology Officer, Bista Solutions, and Joe Hardenbrook, Commercial Sales and Channel Partner Manager US West & EMEA, Securiti, had some interesting insights to share.
CONSUMERS’ RIGHT TO PERSONAL DATA
We started by discussing the user rights that CCPA has to offer. Here are the key rights:
Right to get access to your data – This right enables consumers to request that companies disclose any personal information that was collected in the last one year, the sources of that information, the usage of that information, and the third parties with whom the information is shared. They can also request the categories of personal information that the company sold or disclosed. Businesses are then liable to share this information with the consumer within 45 days of the request.
Right to ask to delete your data – The right to delete data gives consumers the right to request erasure of all their data stored by an organization. Companies are supposed to comply within 45 days and are required to provide a report on the deleted information to the consumer.
Right to ask to restrict data use – The right to opt out mandates companies to set up a “Do Not Sell My Information” option on the company’s website. Consumers have the right to opt out of the sale of their personal information even if they had previously given permission for its sale to a business.
Right to extract & port your data – In response to a request for disclosure, a company must provide personal information in a readily usable format that enables a consumer to transmit the information from one entity to another easily.
WHAT HAPPENS IF YOU DON’T COMPLY?
Our panelists, Joe and Faisal, also took a deep dive into the implications and enforcement actions of non-compliance with CCPA. CCPA authorizes California’s Attorney General (AG) to seek civil penalties and entitles California residents to a private right of action if they suffer a data breach or data theft.
Here are the key non-compliance penalties that Joe and Faisal discussed in our webinar:
- Penalties for noncompliance range from $2,500 per violation if the violation is found to be unintentional
- To $7,500 per violation if found to be intentional
- If personal information is exposed because of a data breach, consumers can initiate civil action lawsuits against an organization
- This may result in penalties between $100 and $750 per consumer, per incident, or greater if the actual damages exceed $750
WHAT ARE THE 5 STEPS TO COMPLY?
- Know your Data
The first step is to develop a data inventory to track all locations, third parties, operations, and applications collecting or processing personal information. Consider using Privacy Enhancing Technologies (PETs) as you implement your data inventory.
Securiti’s Data Mapping solution is the perfect solution to this. It allows you to streamline information gathering, discover new data, update records, and enable an AI-powered PrivacyOps solution.
- Provide Rights to Users (aka data subjects)
Prepare to address consumers’ rights in a timely fashion. These include the user’s right of access to data, right to stop data selling and disclosure, and right to require erasure of data. Start by gathering the answers to these questions:
- What personal data are you currently collecting?
- What are your methods of data collection?
- Where and how is this data stored?
- Do you share the data you collect? If so, with whom?
- Do you sell the data or use it for any other purpose?
Securiti’s DSR Robotic Automation and People Data Graph allow you to discover personal information stored across all systems and link it to the owner of the personal data.
- Assess Your Vendors
One of the key steps in curbing data usage is identifying your vendors or third parties. It is essential for businesses to understand how vendors are accessing or handling consumers’ personal information. Once this understanding is developed, companies need to identify if data-related contractual changes in vendor agreements are necessary.
Mapping vendors, however, can be a cumbersome task. Securiti’s ‘vendor assessment’ tool allows you to track, monitor and manage privacy and security readiness for all your service providers from a single interface.
- Update your Notices
It is extremely important to update your privacy notices to specify the rights of California residents, including the right to opt out of the sale of their PI, as well as the categories of data being collected, disclosed, or sold to third parties. With Securiti’s ‘Consent Management platform’ you can easily track consent revocation to prevent the sale or transfer of data without consent.
- Evaluate your Security
The last critical step to prepare yourself for CCPA compliance is to evaluate your security and data protection mechanisms and determine if existing mechanisms adequately protect California resident data. Businesses need to understand their high-risk data sets and implement robust data security systems.
HOW CAN BISTA HELP?
- We have partnered with a leading data protection and analysis company, Securiti, to help you safeguard your data
- Securiti.ai enables organizations to meet CCPA compliance requirements through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities and AI-driven process automation.
- We at Bista can help you structure your data in accordance with data governance guidelines, so that you can manage customer data efficiently
- We help you manage how you store your consumer data and deploy robust ways to keep that information secure
- We hand-hold you through the regulatory requirements of the CCPA and offer governance solutions
- We build and provide a robust data protection ecosystem, so you never have to worry about the security and compliance of your consumer data
Get started today, with a CCPA assessment where we will provide you with access to Securiti tools, absolutely free.