DATA ASSURANCE TO COMPLY WITH CCPA
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a bill passed by the state of California legislature on June 28, 2018. The CCPA is set to be the toughest privacy law in the United States. It broadly expands the rights of consumers and requires companies within scope to be significantly more transparent about how they collect, use, and disclose personal information.
“The CCPA was effective January 1, and enforcement was slated to begin no later than July 1, 2020.
The CCPA is one of the first laws to show that the US is following the current trend toward more rigorous global privacy regulations.
The CCPA has many similarities to the GDPR (General Data Protection Regulation), from its extraterritorial reach to its expansive rights for individuals, and will likely impact tens of thousands of businesses worldwide that have customers or employees located in California.
WHY TO COMPLY WITH THE CCPA?
Fines for noncompliance can add up quickly; these fines are in addition to any loss of goodwill or consumer trust.
For example, because the definition of “Personal information” may include information collected from devices, a company that collects data from California mobile phone users could face millions of dollars in penalties if they are found to be non-compliant and incur the maximum fine of $750 per violation (2,000 phones = potential $1.5 million dollar fine).
CCPA requires companies to think differently about their customers and how personal data is used.
Transparency and communication about where a customer’s data goes or what it’s used for is necessary to doing business in the digital age. The new regulations signal a shift in expectations between customers and companies, and so companies will have to work harder to gain and keep customer trust.
Companies who provide customers more control and choice over their data can build customer relationships by using that as a competitive edge.
CCPA PRINCIPLES
Transparency
A business (controller) is under an obligation to provide consumers information such as the categories of personal information to be collected the purposes for which the personal information will be used and the categories of third parties with whom the business shares personal information. Include this information in the businesses privacy policy and update the policy at least once every 12 months.
Data Deletion
Businesses (controllers) are required to convey deletion requests to their service providers. Service providers are liable for civil penalties under the CCPA. Otherwise, obligations for “processors” are much more rigorous in the GDPR.
Data Portability & Access
The CCPA provides consumers the rights of access and data portability. Consumers have the right to obtain from a business their personal information, including the categories and specific pieces of information collected the categories of third parties with whom information is shared; and the categories of sources from which the information was .Consumers also have the right to obtain their personal information in a format that allows the consumer to transmit it to another organization. Businesses need to respond within 45 days.
Individual Rights to Deletion
The CCPA provides consumers the right of deletion. Consumers may request that businesses delete their personal information.
CCPA COMPLIANCE PLAN
CCPA COMPLIANCE PLAN PROCESS
Build a Compliance Plan >>>>>
- Determine whether the CCPA applies to any part of the business, and whether the requirements related to collection, sale, or both, are applicable.
- Conduct a gap analysis against current individual rights management policies and procedures and transparency practices.
- Determine which business processes and activities are in scope for CCPA and which involve minors.
- Create a data inventory of your data elements and/or update data flow maps relevant to the collection, sale, and disclosure of personal information (which are in scope).
- Determine which CCPA individual rights apply to each business process or activity.
Implement the Compliance Plan >>>>
- Determine whether to offer any financial incentives for the sale of personal information.
- Develop updates to individual rights management policies and procedures.
- Update Privacy Policies to include required disclosures under CCPA.
- Update contracts with vendors and third parties with whom personal information is shared.
- Implement individual rights mechanisms to effectively manage incoming requests from consumers.
BUSINESS BENEFITS
Easier,
Affordable & Scalable
To secure, store, analyze and gain insights from virtually unlimited amounts of data in a cost-effective manner to improve performance, reduce costs and enable predictive analytics.
Enhance Governance
of Restricted Data
Mapping of data to critical data elements ensuring restricted data is effectively validated by customizing the workflows and used for ongoing CCPA compliance as the law evolves.
Improved Customer
Loyalty
By anticipating customer needs and developing a strategic communication plan, you can keep your business top-of-mind. Well-timed and informative communications are at the heart of building those ongoing customer relationships.
Operationalize
Regulatory Policies
Govern regulatory policies in a centralized location. Define and document policies, controls, Governance processes, Critical Data Elements, Data Categories, Data Subcategories, DQ dimensions and DQ rules
Reduce Compliance
Risk by Monitoring Risk Reports
Track and analyze Data risk effectively by monitoring the reports to mitigate business impact.
PLATFORM(DIP) SOLUTION FOR REGULATORY COMPLIANCE
Data Insights Platform (DIP) is a Data Governance framework designed specifically for Regulatory compliance , with pre-configured content like Policies, Controls, data categories, Sub-Categories, Critical Data Elements, workflows, reports, dashboards, and more.
Data Insights Platform (DIP) offers a centralized location where you can document, govern and collaborate around privacy and security policies to ensure they are effectively managed across the enterprise. It also allow organizations to establish a data mapping system to record processing activities and perform data Quality assessments.
Data Insights Platform (DIP) provides a sustainable approach to regulatory policies by managing the compliance through risk evaluations and assessments then take remediation actions as issues arise. Manage approvals, identify risk controls and tailor workflows to match specific business needs. Monitor compliance progress through easy-to-understand dashboards and reports which shows the regulatory violations details.
AMURTA’s Data Insights Platform is an enterprise-level solution that enhances productivity and perform better by turning raw data into actionable insights. This platform put people and process in place which improves automating the data governance and data management to deliver the trusted data to the business users who can quickly chart out the reality of data, its lineage, and usage across the policies, processes, projects, and regulation.
SPEAK TO OUR EXPERTS TODAY
If you have queries we are ready to discuss how our Data Insights Platform can help you in improving your organization governance process.