California Consumer Privacy Act (CCPA): What You Need to Know

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that will go into effect on January 1, 2020. The new data security framework will have a major impact on both consumers and businesses, because the regulations apply to any company, no matter its location, that collects personal information from residents of California.

CCPA covers any data related to customers, including both individual consumers and entities, plus vendors and employees.

Why do you need CCPA?

Businesses need to comply with the California Consumer Privacy Act to stay in operation, as the California attorney general will require compliance for any for-profit organization that falls under the new privacy law’s jurisdiction.

Similar to Europe’s General Data Protection Regulation (GDPR), though with some key differences, CCPA is directed at organizations that handle consumers’ personal information.

If your business handles vendor, consumer or workforce data of any California residents, your organization will need to be in full compliance with CCPA if you also meet one or more of the following:

  • Generates gross revenues of $25 million or more
  • Obtains personal data from 50,000 or more individuals, households or devices
  • Generates 50% or more of your yearly revenues from selling personal information

If your company can be described with any of the criteria above, then you will need to start preparing for California’s new privacy law framework – if you haven’t already.

While the exact CCPA data privacy guidelines are still evolving, there are many facets of the upcoming privacy law that we already know.

Preparing for CCPA will involve several steps, including:

  • Data mapping to outline which platforms within your organization are collecting personal information, why that data is being collected, how it’s stored and how it flows through your systems and externally
  • Informing consumers of your organization’s privacy policy, including a pop-up privacy notice upon first visit to the site
  • Enabling consumers to request all information on the personal data collected on them by your organization
  • Providing a method to delete all personal information after a request to do so is verified
  • Ensuring proper data security measures are in place
  • And much more

How can VGS help you achieve CCPA compliance?

VGS vaults your users’ sensitive personal information, replacing the underlying value with an alias that enables you to interact with your sensitive data through the entirety of its lifecycle without needing to possess the data itself. Using VGS’ tools to classify data and control where it is sent, you can swiftly achieve CCPA compliance.

With VGS, businesses can now take advantage of the easiest approach to reducing their CCPA compliance burden, bypassing many of the more complex and challenging elements of the upcoming data privacy framework.

This article was originally posted on Very Good Security.