California Consumer Privacy Act
Or the new California General Data Protection Regulation
California Law to Protect Online Privacy
California has passed the California Consumer Privacy Act (CCPA), a digital privacy law granting consumers more control over and insight into the spread of their personal information online, creating one of the most significant regulations overseeing the data-collection practices of technology companies in the United States. It could be known as the new California General Data Protection Regulation. The legislation, which goes into effect in January 2020, makes it easier for consumers to sue companies after a data breach, and it gives the state’s attorney general more authority to fine companies that don’t adhere to the new regulations.
We’ve helped multiple companies prepare for and comply with Europe’s General Data Protection Regulation, or G.D.P.R., and we’re here to help your business get ready for the new California digital privacy law, whether that means updating your Terms and Conditions pages, tracking cookies or setting up consent (Accept or Reject) popups. The new legislation gives Californians the right to see what information businesses collect on them, request that it be deleted, get access to information on the types of companies their data has been sold to, and direct businesses to stop selling that information to third parties.
How to Comply with the California Consumer Privacy Act
Many organizations around California and the United States have the California Consumer Privacy Act on their radar. They know that regardless of where they’re based, the regulation affects them if they’re supplying products or services to California citizens or organizations. And they realize that if they don’t comply, it could cause serious damage: not only hefty fines and legal costs, but also widespread business damage from a tainted reputation.
How to be in compliance with the California Consumer Privacy Act
- First, seek legal help from your current legal team. If you don’t have one familiar with this topic, we can recommend one for you
- The second step toward CCPA compliance is to access all your data sources, no matter what the technology
- Then inspect them to identify what personal data can be found in each
- Now your privacy rules must be documented and shared across all lines of business
- Once privacy rules are established, it’s time to set up the correct level of protection for the data
- Last, you’ll need to be able to produce reports to clearly show regulators that you’re compliant
To sum it up: you must investigate and audit what personal data is being stored and used across your data landscape. Once you have access to all the data sources, the next step is to inspect them to identify what personal data can be found in each. Privacy rules must be documented and shared across all lines of business. To achieve this, roles and definitions must be established in a governance model.
Then you can link business terms to physical data sources, and establish data lineage from the point of creation to the point of consumption. Then it’s time to set up the correct level of protection for the data: encryption, pseudonymization and anonymization. The easiest way to protect data privacy is actually to press the delete button, keeping only the data you need to run critical business processes.