In today’s digital age, where everything you share online is being processed and all your data is being recorded it becomes utmost important to have formal regulations in place for businesses to ensure data security & privacy of their customers.
Considering the ever-growing size of the sensitive data, incidents of data breaches have taken the front seat. And, in order to protect the consumers’ personal information from these incidents, a set of stringent rules and regulations have been introduced as California Consumer Privacy Act (CCPA) to protect the data of golden state’s consumers as well as residents. This act came in effect on January 1st, 2020 and it will likely to be enforced from July 1st, 2020 onwards or six months after the publication of the final regulation.
California Consumer Privacy Act (CCPA) is a bill that empowers the residents of California, United States to have enhanced privacy rights & consumer protection. The CCPA grants Californians’ rights to have access & delete the data that companies collect about them and allows them to opt out of their data being sold.
Compared to GDPR, CCPA demands the businesses to be more transparent which gives the consumer more visibility in understanding of how & why their data is being collected and provides them with better control on their data. The unique requirement of CCPA for providing a clear and noticeable link on business website stating “Do Not Sell My Personal Information” enables consumers to opt-out of the sale of their personal information to third parties.
When does CCPA apply to a business?
CCPA applies to all profit-oriented businesses that collect, share or sell personal data of California consumers and
- whose annual gross revenues is more than $25 million or
- holds personal information of 50,000 or more consumers/devices or
- earns more than half of its annual revenue from selling consumer personal information
What if you don’t comply to CCPA?
If a business fails to address an alleged violation within 30 days of non-compliance notification, it can bring penalty of up to $2,500 per violation (Calculated on a per-capita basis. For ex: If a violation affects 1000 users, damages could rise to $25,00,000). For Intentional violations, maximum civil penalty of up to $7,500 for each violation of the CCPA can be charged.
Why Happiest Minds?
- With CCPA already in effect and many more privacy laws on their way around the globe, your organization needs to be prepared to handle the data privacy of consumers more effectively and adhere to the requirements laid down by the regulation. Happiestminds can provide its consultation & technology services in every stage of your CCPA journey to help you become a fully compliant CCPA Enterprise and mature your data privacy posture.
- Comprehensive & simplified approach that can provide services in any stage of your CCPA journey – be it process optimization or technology solutions
- Huge experience in helping companies achieve various compliance standards
- Large pool of certified consultants
- Presence in multiple geos across the world
Our Breadth of experience security implementation – data security, security monitoring, cyber analytics, threat detection, response, IOT and cloud security
Our transformations help build the future
CCPA Compliance Gap Assessment
- Review of current policies & procedures on PI data privacy and security
- Review of data flow diagram and data register (if any)
- Review of sample contracts with third party data processors or service providers
- 1:1 meeting with key stakeholders
- Data gathering workshop with cross functional team
- Discover PII across enterprise and processes governing the usage and management of the PII data
- Data flow diagrams and issue identification
- Detailed report on organization CCPA Compliance current state & remediation steps
- High level roadmap and CCPA awareness among stakeholders
- Privacy risk report
- PI Data Map
- CCPA Awareness Training for customer-facing staff members
Gap Remediation
Guide & Assist in Policies and Procedures and Design/Re-alignment
- Data Protection Policies and procedures
- Data Protection Impact Assessment
- Data collection procedures
- PII Data processing procedures
- Data Usage procedures
- Data Subject Request processing procedures
- Complaints procedures
- Internal Auditing procedures
- Breach Notification policy and procedures
- Privacy and consent notices
- Training and Awareness
- Design & Implement Data Protection Solutions – Data Discovery & Classification Data Loss Prevention (Endpoint, Network, Cloud, Email) Data Masking & Encryption
- Policy & Procedures Review
- Audit & Assessment
- Data Security Management
- Data Rights Management
- Breach Management
- Training & Awareness
Ongoing Management Services
- Policy and process review
- Data breach management
- Data inventory management
- Consumer right request management
- CCPA compliance periodic audits and assessment
- Periodic training & awareness
- Analytics driven compliance management