Preparing for the California Consumer Privacy Act (CCPA)

Amy King November 14th, 2019

The protection of consumer data has been a hot topic for the last few years. GDPR created an actionable process for EU citizens to have their data removed from use and companies are facing serious fines for not doing so. Now, the state of California is getting ready to implement their own data protection law for their residents, the California Consumer Privacy Act or CCPA.

This regulation goes into effect on January 1st, 2020, only a short couple of months away, so we wanted to provide some guidelines on how better data management can help your compliance success.

Criteria

The CCPA applies to companies that collect and process the personally identifiable information (PII) of California residents. They must meet at least one of the following:

Must have an annual gross revenue of $25 million
Must receive or share PII of more than 50,000 Californians annually
Must derive 50% of its annual revenue by selling the PII of Californians

It’s worth noting that nonprofits and companies that don’t meet any of the three requirements do not have to comply with CCPA.

Rights of the Consumer

Californian residents have four ways to protect their personal data under the new law:

Knowledge – a resident has the right to know what PII is being collected, how it’s being used, and whether or not it’s being sold
Sale of Personal Information – customers must be provided an easy process to opt-out of having their PII data sold to a third party. Those who are under 16 must actively opt-in and those under 13 require parental consent.
Personal Information Removal – Consumers can request that their PII data be deleted and a business must comply with this request, including being deleted from third-parties that business may have sold the data to.
Service Equality – Consumers who request their data be deleted cannot be discriminated against and are not required to pay a fee.

Penalties

Businesses that fail to comply with a CCPA request could be liable for penalties up to $2,500 per violation and $7,500 per intentional violation. Once notified of a violation, companies have 30 days to comply in order to avoid penalties.

How Better Data Management Helps with Compliance

Protecting your business is all about protecting your customer’s data privacy. There are a few steps you can take to lower your risk and increase compliance success.

Check out the criteria list above – Did you answer yes to any? Keep reading. Even if you answered no, you might want to implement some of these steps.
Improve your data collection – Take a look at your current data. How many customers are from California? Not collecting state information? You should start.
Ensure accurate data cataloging – You don’t know what information you have if you can’t view it. Make sure your data catalog grants the vision you need.
Reduce unauthorized access – Create a data governance plan to keep customer data out of the wrong hands and prevent unintentional data breaches.
Track the path of your customer’s data – No matter what it gets used for.

Arena for CCPA Success

By using Zaloni Arena, you can reduce your risk and ensure compliance with any form of consumer privacy law. The feature-rich Arena includes all the tools you would need to maintain compliance, including:

Automatic tokenization and masking of PII & sensitive data upon ingestion
Role-based permissioning to data
Data lineage to view the full historical path of your data
Data quality to create a single source of truth
Metadata catalog for deep labeling of customer records

Arena provides a unified end-to-end solution encompassing all your customer data needs. Whether you’re looking for improved data accuracy, the ability to see where your data has been or reducing the risks that come with a multiple-vendor piecemeal solution, Zaloni can help.

Interested in learning how Zaloni Arena can help? Request your free demo today!

about the author

Amy King

Amy King was Zaloni’s Vice President of Marketing and now is CMO at Relias.

OUR LATEST RESOURCES

Truist extends data management capabilities with acquisition of Arena platform
News By: Team Zaloni

How to Create an AWS Lambda EC2 AutoStart Function
Blogs By: Matthew Caspento

Making the Business Use Case for Data Governance
Blogs By: Haley Teeples

Visit Our Categories

Blogs

Webinars

Demos

Videos

Briefs

Case Studies

News

Papers

Technical Content

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
checkForPermission	10 minutes	This cookie is set by Beeswax to determine whether the user has accepted the cookie consent box.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_69864968_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
sid	1 year	The sid cookie contains digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time.
uid	1 year	This is a Google UserID cookie that tracks users across various website segments.

Cookie	Duration	Description
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
BIGipServerab26web-nginx-app_https	session	No description
ga_clientId	never	No description available.

Featured Resources

Latest News

FIND US ON