What is CCPA?
CCPA is the California Consumer Privacy Act, a state statute intended to enhance privacy rights and consumer protection for residents of California, United States.
This law regulates how businesses all over the world are allowed to handle the personal information of California residents. It gives residents enhanced rights, which include but are not limited to:
- the right to disclosure of the data collected
- the right to access the user's own data
- the right to request deletion of the user's data
- the ability for the user to opt out of the sale of their personal data
- the right of the user not to be discriminated against for exercising their CCPA rights.
Anyone who pays taxes to the State of California is a California consumer, and therefore CCPA applies to them. That means that if your business deals with California consumers, CCPA compliance is for you.
Why CCPA compliance is a good idea
CCPA compliance is important to companies because of the fines the regulation imposes on those that fail to comply.
- For noncompliance, companies can be fined $2,500 – $7,500 per violation.
- In the event of exposed personal information due to a breach, consumers gain the right to sue for $100 – $750 per incident.
CCPA is just the beginning. By 2025, expect more states to sign similar legislation, giving every US consumer the right to know exactly how their data is being used. Companies would do well to prepare now rather than wait until the deadline.
How do we do it?
At Rhymetec, we update companies' privacy policies so that they become CCPA compliant. Imperative steps for CCPA compliance include but are not limited to:
- Review and understand what personal information is collected by your business.
- Understand how the personal information collected is used, and confirm whether the information is sold to or shared with third parties and what the purpose of such sharing is.
- Review internal policies and procedures regarding the collection of personal information.
- Update internal and online privacy policies to comply.
- Prepare policies and procedures to make sure your company can respond when customers request access to, deletion from, or information related to the sale or disclosure of their information.
- Implement and prepare technological solutions that process requests made by the customers to opt-out of the sale of personal information.
- Train employees responsible for handling customers’ personal information.
- Review contracts with service providers that have consumer personal information provided by your business.
- Ensure that third-party audits of service providers who have access to your consumer personal information are compliant with CCPA.
Deliverables from Rhymetec
Our team is dedicated to delivering premium-tier service to ensure CCPA compliance, from comprehensive data management plans to fully itemized reports that provide information regarding methodology, findings, potential mitigations, and our recommendations.
Rhymetec specializes in enabling meaningful, real-world solutions to the most pressing challenges of the modern enterprise security environment. Assessment and reporting are contextualized to your business sector and custom-tailored to your specific environment.
Our process is engineered to provide all the data and insights needed for you to make informed decisions and take definitive action.