What is the CCPA?

​The  California Consumer Privacy Act (CCPA) is a comprehensive data privacy  law that will go into effect on January 1, 2020. The new data security  framework will have a major impact on both consumers and businesses,  because the regulations apply to any companies – no matter their  location – that collect personal information from residents of  California.

CCPA covers any data related to customers, including both individual consumers and entities, plus vendors and employees.

Why do you need CCPA?

​Businesses  need to comply with the California Consumer Privacy Act to stay in operation, as the California attorney general will require compliance for any for-profit organization that falls under the new privacy law's jurisdiction.

Similar to Europe's General Data Protection Regulation (GDPR), though with some key differences, CCPA is directed at organizations that handle  consumers' personal information.
If your business handles vendor, consumer or workforce data of any California residents, your organization will need to be in full compliance with CCPA if you also  meet one or more of the following:

  • Generates gross revenues of $25 million or more
  • Obtains personal data from 50,000 or more individuals, households or devices
  • Generates 50% or more of your yearly revenues from selling personal information
    If  your company can be described with any of the criteria above, then you  will need to start preparing for California's new privacy law framework –  if you haven't already.

While the exact CCPA data privacy  guidelines are still evolving, there are many facets of the upcoming  privacy law that we already know.

Preparing for CCPA will involve several steps, including:

  • Data  mapping to outline which platforms within your organization are  collecting personal information, why that data is being collected, how  it's stored and how it flows through your systems and externally
  • Informing consumers of your organization's privacy policy, including a pop-up privacy notice upon first visit to the site
  • Enable consumers to request all information on the personal data collected on them by your organization
  • Provide a method to delete all personal information after a request to do so is verified
  • Ensure proper data security measures are in place
  • And much more

For assistance on this contact Very Good Security: How can VGS help you achieve CCPA compliance?

​VGS  vaults your users' sensitive personal information, replacing the  underlying value with an alias that enables you to interact with your  sensitive data through the entirety of its lifecycle without needing to  possess the data itself. Using VGS' tools to classify data and control  where it is sent, you can swiftly achieve CCPA compliance.

With VGS, businesses can now take advantage of the easiest approach to  reducing their CCPA compliance burden, bypassing many of the more  complex and challenging elements of the upcoming data privacy framework.

Article authored by Ena Kadribasic, previously published on September 12, 2019

California Consumer Privacy Act (CCPA): What You Need to Know
The California Consumer Privacy Act (CCPA) takes a broader view than the GDPR of what constitutes private data. CCPA gives Californians the right to forbid companies to sell their information to third parties.