CCPA Compliance

The New California Privacy Law

California has taken substantive action to protect consumer data within the state. Passed in 2018, the California Consumer Privacy Act (CCPA) came into force on January 1, 2020 and its chief objective is the regulation of standards surrounding consumer data, privacy guidelines, and new data rights.

Many businesses must be CCPA compliant, but the regulations do not apply to all. Given the comprehensive and complex nature of the CCPA, it is vital that businesses ensure they are knowledgeable on the compliance standards and take proactive steps to be compliant. Moreover, the CCPA can be changed by lawmakers in the future, making it an evolving set of standards. Contact us at CDG for more information on the CCPA and to receive expert CCPA compliance consulting and services.

Businesses That Must Be CCPA Compliant

A business does not need to be located in California for it to have a legal duty to be CCPA compliant. The CCPA deals with a legal entity who provides goods or services to California residents and, thereby, uses California consumer data. If a business meets one of the following criteria, it will be required to meet CCPA compliance; has an annual revenue of at least $25 million, gathers or accesses personal data of at least 50,000 California consumers, or earns half of its revenue from California consumer data.

However, a business need not be CCPA compliant if every aspect of its business transaction occurs outside of California, while the Californian is not located in the state, and the resident’s data is not collected.

What is CCPA Compliance?

Consumer Data

Consumer data as described by the CCPA concerns personal information that could be used to identify a California resident. Such personal information includes names, addresses, products purchased, consuming history, and internet activity. In order to protect consumer data, businesses must meet the compliance standards. Some of the standards include latest consumer rights, such as persons having the ability to view and delete the consumer data a business may have collected.

Detailed Compliance Regulations

Detailed CCPA compliance regulations include, but are not limited to, updating company privacy policies, training employees on the proper use, procedures and handling of data, using secure data inventories that are frequently updated, accounting for new user rights and preparing for consumer data requests, and ensuring database administrators have the tools necessary for the secure tracking and storing of personal information.

CMMC is a standard for organizations in the United States which work with the Department of Defense (DoD). The CMMC covers the cybersecurity controls for Confidential Unclassified Information (CUI).

Cybersecurity Should be an Advantage, not a Cost Center. Let’s Get to Work.