Filter by Category

What You Need to Know about the California Consumer Privacy Act (CCPA)

get an overview of the California Consumer Privacy Act

Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze your current processes and ensure you’ll be in full compliance by January 1, 2020.

A new privacy act for California businesses

Passed by California legislature on June 28th, 2018, the California Consumer Privacy Act (CCPA) aims to crack down on how organizations handle, collect, store, and sell the personal data of California residents.

And it couldn’t come at a better time. Recent data breaches and insecure handling of personal data have led to an increase in the exposure of personal records across the United States (for example, the Facebook/Cambridge Analytica scandal in March). Public awareness of these vulnerabilities is increasing … and consumers are becoming restless.

What does the CCPA entail?

The CCPA strives to give the public control over their information by putting strict rules in place for organizations. Part of the legislature will grant consumers the right to:

  • Request a list of the data that’s been collected about them
  • Understand why that data was collected
  • Know if that data is being sold to third parties
  • Know which third parties have their data
  • Withdraw consent to having their information sold

Organizations will also need to be proactive by disclosing upfront what information they collect, why they collect it, and if they’ll sell it—allowing a customer to decide if they want to complete a transaction before their information is processed. And if a customer asks for their data to be deleted, organizations will need to follow through (within reason) and pass on the request to any third parties who also have that information.

What is the definition of personal information? The CCPA is taking a broad look at “personal data.” If you store any of the following data, you’ll need to disclose it: identifiers (unique and online identifiers), commercial information (records of purchases or purchasing tendencies), biometric information, internet activity (browsing history), geolocation data, professional or employment information, and many others.

Who needs to comply?

Not every business needs to comply with the CCPA—yet. As of 2018, only organizations that make more than $25 million in annual gross income; buy, receive, sell, or share the data of over 50,000 customers or devices; or derive over 50% of their yearly revenue from selling personal data will be expected to comply by January 2020.

However, it isn’t just California that needs to be aware of CCPA. Businesses outside of California that buy, receive, sell, or share the information of California residents must also follow CCPA requirements.

And even if you don’t have California customers, you’re not off the hook. Industry experts predict other states will follow suit, creating legislation similar to the CCPA, in coming years.

The penalty for non-compliance

What’s the kickback for non-compliance in January 2020? Currently, organizations who fail to meet requirements for CCPA will be fined $7,500 per intentional violation. Organizations found non-compliant but “lacking intent” will only be fined $2,500 per violation.

While this may seem like small pennies to some companies, it’s worth noting that monetary fines aren’t the only fallout seen in organizations that don’t ensure full compliance. Consumer unhappiness, distrust, and lost business can also hurt a bottom line. Furthermore, while initial penalties are enforced by California’s state attorney general, customers are still allowed to pursue private action—so the overall cost spent on non-compliance could be higher.

Move toward CCPA compliance with secure file transfers

While the CCPA doesn’t put particular requirements in place to ensure strict cybersecurity practices across an organization, IT teams are still expected to provide easily-accessible data in a “readily usable format” that’s transferred to consumers when asked. Penalties are also stricter for unauthorized access to personal data. Improperly encrypted information and poor user and role management is no longer acceptable.

According to Security Now, “the CCPA expressly paves the way for the right of natural persons to bring lawsuits for the breach of their ‘nonencrypted or nonredacted personal information’ -- even in the absence of evidence of actual damage." For organizations who want to get ahead of this and ensure all data is encrypted and protected from seen and unseen vulnerabilities, secure file transfers may be part of the solution.

If you aren’t already securing your file transfers, GoAnywhere MFT can help. GoAnywhere is an enterprise managed file transfer software that centralizes an organization’s file transfers, audit logs, user management, encryption processes, administration, security settings, and collaboration tools.

From a single interface, IT teams can ensure 100% of file transfers are protected at rest and in transit with trading partners, vendors, external networks, and cloud environments. So whether a consumer asks for their data to be securely transferred to them under the California Consumer Privacy Act or you just need a streamlined way to keep personal information protected from unauthorized access, GoAnywhere can work with you to meet your organization’s file transfer requirements.

Get the Guidance You Need to Develop an Encryption Strategy

Data breaches represent a growing epidemic. “Defending Against Data Breach: Developing the Right Strategy for Data Encryption” offers recommendations on how to encrypt, monitor, and audit the access of sensitive data.

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…


What You Need to Know about the California Consumer Privacy Act (CCPA)

October 30, 2018

Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze…


The Best Cybersecurity Strategies for Banks and Financial Organizations

October 18, 2018

Banks and financial institutions, take note: though the year is almost over, no one is safe from a data breach. Industries across the board have seen 4.5 million records stolen so far in 2018—a…


What is Managed File Transfer (MFT)?

October 10, 2018

As companies recognize a need for a solution that meets their file transfer, automation, and encryption needs, the question often arises: what is managed file transfer and how is it different from my…