
What You Need to Know about the California Consumer Privacy Act (CCPA)


Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze your current processes and ensure you’ll be in full compliance by January 1, 2020.

A new privacy act for California businesses

Passed by the California legislature on June 28th, 2018, the California Consumer Privacy Act (CCPA) aims to crack down on how organizations handle, collect, store, and sell the personal data of California residents.

And it couldn’t come at a better time. Recent data breaches and insecure handling of personal data have led to an increase in the exposure of personal records across the United States (for example, the Facebook/Cambridge Analytica scandal in March). Public awareness of these vulnerabilities is increasing … and consumers are becoming restless.

What does the CCPA entail?

The CCPA strives to give the public control over their information by putting strict rules in place for organizations. Part of the legislation will grant consumers the right to:

  • Request a list of the data that’s been collected about them
  • Understand why that data was collected
  • Know if that data is being sold to third parties
  • Know which third parties have their data
  • Withdraw consent to having their information sold

Organizations will also need to be proactive by disclosing upfront what information they collect, why they collect it, and if they’ll sell it—allowing a customer to decide if they want to complete a transaction before their information is processed. And if a customer asks for their data to be deleted, organizations will need to follow through (within reason) and pass on the request to any third parties who also have that information.

What is the definition of personal information? The CCPA is taking a broad look at “personal data.” If you store any of the following data, you’ll need to disclose it: identifiers (unique and online identifiers), commercial information (records of purchases or purchasing tendencies), biometric information, internet activity (browsing history), geolocation data, professional or employment information, and many others.

Who needs to comply?

Not every business needs to comply with the CCPA—yet. As of 2018, only organizations that make more than $25 million in annual gross income; buy, receive, sell, or share the data of over 50,000 customers or devices; or derive over 50% of their yearly revenue from selling personal data will be expected to comply by January 2020.

However, it isn’t just California that needs to be aware of CCPA. Businesses outside of California that buy, receive, sell, or share the information of California residents must also follow CCPA requirements.

And even if you don’t have California customers, you’re not off the hook. Industry experts predict other states will follow suit, creating legislation similar to the CCPA, in coming years.

The penalty for non-compliance

What’s the kickback for non-compliance in January 2020? Currently, organizations who fail to meet requirements for CCPA will be fined $7,500 per intentional violation. Organizations found non-compliant but “lacking intent” will only be fined $2,500 per violation.

While this may seem like small pennies to some companies, it’s worth noting that monetary fines aren’t the only fallout seen in organizations that don’t ensure full compliance. Consumer unhappiness, distrust, and lost business can also hurt a bottom line. Furthermore, while initial penalties are enforced by California’s state attorney general, customers are still allowed to pursue private action—so the overall cost spent on non-compliance could be higher.

Move toward CCPA compliance with secure file transfers

While the CCPA doesn’t put particular requirements in place to ensure strict cybersecurity practices across an organization, IT teams are still expected to provide easily accessible data in a “readily usable format” that’s transferred to consumers when asked. Penalties are also stricter for unauthorized access to personal data. Improperly encrypted information and poor user and role management are no longer acceptable.

According to Security Now, “the CCPA expressly paves the way for the right of natural persons to bring lawsuits for the breach of their ‘nonencrypted or nonredacted personal information’ -- even in the absence of evidence of actual damage.” For organizations that want to get ahead of this and ensure all data is encrypted and protected from seen and unseen vulnerabilities, secure file transfers may be part of the solution.

If you aren’t already securing your file transfers, GoAnywhere MFT can help. GoAnywhere is an enterprise managed file transfer software that centralizes an organization’s file transfers, audit logs, user management, encryption processes, administration, security settings, and collaboration tools.

From a single interface, IT teams can ensure 100% of file transfers are protected at rest and in transit with trading partners, vendors, external networks, and cloud environments. So whether a consumer asks for their data to be securely transferred to them under the California Consumer Privacy Act or you just need a streamlined way to keep personal information protected from unauthorized access, GoAnywhere can work with you to meet your organization’s file transfer requirements.

Get the Guidance You Need to Develop an Encryption Strategy

Data breaches represent a growing epidemic. “Defending Against Data Breach: Developing the Right Strategy for Data Encryption” offers recommendations on how to encrypt, monitor, and audit the access of sensitive data.

 
