What is the California Consumer Privacy Act?
The California Consumer Privacy Act (AB 375, or CCPA for short) is a law passed by California’s state legislature in June of 2018. As indicated by its name, the law focuses on personal data and is designed in large part to enable California citizens to more easily and readily request, delete, or protect their personal information stored and processed in an organization’s environment. The CCPA will take affect on January 1, 2020.
The new regulation comes as a response to a demand for stricter regulations and stronger enforcement for businesses whose practices result in the mishandling or the exploitation of their customers’ private data.
As detailed below, the CCPA establishes a new privacy framework for Covered Businesses by:
- Creating an expanded definition of personal information for purposes of the Act;
- Creating new data privacy rights for California consumers, including rights to know, access, have deleted and opt out of the sale of their personal information;
- Imposing special rules for the collection of consumer data from minors; and
- Creating a new and potentially severe statutory damages framework for violations of the Act and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches.
How will the CCPA affect my organization?
The California proposal has drawn comparisons to the European Union’s General Data Protection Regulation (GDPR), since both schemes seek to regulate the use of consumer data.
Californians can opt out of the sale of their personal information by specific firms. It will enable the state’s residents to sue businesses under certain circumstances — if, for example, a company failed to implement reasonable security procedures and subsequently suffered a data breach — and to collect $1,000 per violation.
Additionally, the CCPA will give consumers the right to know when a business sells or discloses their information for a business purpose.
The CCPA does include an exemption for small businesses that collect less than $50 million in annual revenue and meet certain standards. Many smaller organizations with less than $1 billion of assets would probably qualify for the exemption.
Affected companies will have to compile a tally of every company to whom they disclose information about a California customer for business purposes. Retailers, banks, electric companies, or any organization that operate in California will either have to create a separate process for handling the personal data of the state’s residents, who make up about 12% of the U.S. population, or apply the Golden State standards nationwide.
How about my systems and what do I need to think about?
The digital economy requires you to be innovative. With regards to the regulation, you need a competitive service offering that provides transparency to internal operations, customers and partners.
By using a reliable, secure and scalable infrastructure provided by a modern business integration platform, you can:
- Manage and secure the increase in data and streamline all data flows
- Automate operational controls that relate to the regulation
- Gain insight into operational performance
- Manage any channel to deliver innovative products and services while leveraging existing assets
How can SEEBURGER help?
Given SEEBURGER’s experience with GDPR and other similar regulations we can help you secure personal and customer data, and help you structure and automate your related business processes using our Managed File Transfer (MFT) solution.
An advanced MFT solution will go a long way to ensuring that routine transfers of business sensitive and personal data is processed and transferred in a way that can help you with your readiness. MFT securely transfers personal data to and from companies that must adhere to a specific compliance, solving below problems;
I need to send a customer their data, and be certain that it will not be lost, or breached.
SEEBURGER MFT can do so via encryption of data in motion and at rest.
I need to be able to ensure that the data I send my client is the correct data.
With secure SEEBURGER MFT you gain a risk free, non-repudiation solution to send all customer data
- Data integrity checks
- Comprehensive transfer logging
I have many tools and existing solutions in place at my organization, where files are being moved in between, and these files might include personal data. I don’t want to rip and replace these existing systems, and I want to make sure that my files are managed in a secure way.
SEEBURGER MFT will integrate with existing security systems seamlessly, following relevant business processes, and doesn’t require your organization to replace current systems.
Become ready today and secure your personal and customer data! Find out how SEEBURGER can help you adhere to the CCPA: Read more
Get in contact with us!
We are looking forward to your message.