Preparing for the California Consumer Privacy Act (CCPA)

The protection of consumer data has been a hot topic for the last few years. GDPR created an actionable process for EU citizens to have their data removed from use and companies are facing serious fines for not doing so. Now, the state of California is getting ready to implement their own data protection law for their residents, the California Consumer Privacy Act or CCPA.

This regulation goes into effect on January 1st, 2020, only a short couple of months away, so we wanted to provide some guidelines on how better data management can help your compliance success.

Criteria

The CCPA applies to companies that collect and process the personally identifiable information (PII) of California residents. They must meet at least one of the following:

• Must have an annual gross revenue of $25 million
• Must receive or share PII of more than 50,000 Californians annually
• Must derive 50% of its annual revenue by selling the PII of Californians

It’s worth noting that nonprofits and companies that don’t meet any of the three requirements do not have to comply with CCPA.

Rights of the Consumer

Californian residents have four ways to protect their personal data under the new law:

• Knowledge – a resident has the right to know what PII is being collected, how it’s being used, and whether or not it’s being sold
• Sale of Personal Information – customers must be provided an easy process to opt-out of having their PII data sold to a third party. Those who are under 16 must actively opt-in and those under 13 require parental consent.
• Personal Information Removal – Consumers can request that their PII data be deleted and a business must comply with this request, including being deleted from third-parties that business may have sold the data to.
• Service Equality – Consumers who request their data be deleted cannot be discriminated against and are not required to pay a fee.

Penalties

Businesses that fail to comply with a CCPA request could be liable for penalties up to $2,500 per violation and $7,500 per intentional violation. Once notified of a violation, companies have 30 days to comply in order to avoid penalties.

How Better Data Management Helps with Compliance

Protecting your business is all about protecting your customer’s data privacy. There are a few steps you can take to lower your risk and increase compliance success.

1. Check out the criteria list above – Did you answer yes to any? Keep reading. Even if you answered no, you might want to implement some of these steps.
2. Improve your data collection – Take a look at your current data. How many customers are from California? Not collecting state information? You should start.
3. Ensure accurate data cataloging – You don’t know what information you have if you can’t view it. Make sure your data catalog grants the vision you need.
4. Reduce unauthorized access – Create a data governance plan to keep customer data out of the wrong hands and prevent unintentional data breaches.
5. Track the path of your customer’s data – No matter what it gets used for.

Arena for CCPA Success

By using Zaloni Arena, you can reduce your risk and ensure compliance with any form of consumer privacy law. The feature-rich Arena includes all the tools you would need to maintain compliance, including:

• Automatic tokenization and masking of PII & sensitive data upon ingestion
• Role-based permissioning to data
• Data lineage to view the full historical path of your data
• Data quality to create a single source of truth
• Metadata catalog for deep labeling of customer records

Arena provides a unified end-to-end solution encompassing all your customer data needs. Whether you’re looking for improved data accuracy, the ability to see where your data has been or reducing the risks that come with a multiple-vendor piecemeal solution, Zaloni can help.

Interested in learning how Zaloni Arena can help? Request your free demo today!