Filter by Category

What You Need to Know about the California Consumer Privacy Act (CCPA)

get an overview of the California Consumer Privacy Act

Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze your current processes and ensure you’ll be in full compliance by January 1, 2020.

A new privacy act for California businesses

Passed by California legislature on June 28th, 2018, the California Consumer Privacy Act (CCPA) aims to crack down on how organizations handle, collect, store, and sell the personal data of California residents.

And it couldn’t come at a better time. Recent data breaches and insecure handling of personal data have led to an increase in the exposure of personal records across the United States (for example, the Facebook/Cambridge Analytica scandal in March). Public awareness of these vulnerabilities is increasing … and consumers are becoming restless.

What does the CCPA entail?

The CCPA strives to give the public control over their information by putting strict rules in place for organizations. Part of the legislature will grant consumers the right to:

  • Request a list of the data that’s been collected about them
  • Understand why that data was collected
  • Know if that data is being sold to third parties
  • Know which third parties have their data
  • Withdraw consent to having their information sold

Organizations will also need to be proactive by disclosing upfront what information they collect, why they collect it, and if they’ll sell it—allowing a customer to decide if they want to complete a transaction before their information is processed. And if a customer asks for their data to be deleted, organizations will need to follow through (within reason) and pass on the request to any third parties who also have that information.

What is the definition of personal information? The CCPA is taking a broad look at “personal data.” If you store any of the following data, you’ll need to disclose it: identifiers (unique and online identifiers), commercial information (records of purchases or purchasing tendencies), biometric information, internet activity (browsing history), geolocation data, professional or employment information, and many others.

Who needs to comply?

Not every business needs to comply with the CCPA—yet. As of 2018, only organizations that make more than $25 million in annual gross income; buy, receive, sell, or share the data of over 50,000 customers or devices; or derive over 50% of their yearly revenue from selling personal data will be expected to comply by January 2020.

However, it isn’t just California that needs to be aware of CCPA. Businesses outside of California that buy, receive, sell, or share the information of California residents must also follow CCPA requirements.

And even if you don’t have California customers, you’re not off the hook. Industry experts predict other states will follow suit, creating legislation similar to the CCPA, in coming years.

The penalty for non-compliance

What’s the kickback for non-compliance in January 2020? Currently, organizations who fail to meet requirements for CCPA will be fined $7,500 per intentional violation. Organizations found non-compliant but “lacking intent” will only be fined $2,500 per violation.

While this may seem like small pennies to some companies, it’s worth noting that monetary fines aren’t the only fallout seen in organizations that don’t ensure full compliance. Consumer unhappiness, distrust, and lost business can also hurt a bottom line. Furthermore, while initial penalties are enforced by California’s state attorney general, customers are still allowed to pursue private action—so the overall cost spent on non-compliance could be higher.

Move toward CCPA compliance with secure file transfers

While the CCPA doesn’t put particular requirements in place to ensure strict cybersecurity practices across an organization, IT teams are still expected to provide easily-accessible data in a “readily usable format” that’s transferred to consumers when asked. Penalties are also stricter for unauthorized access to personal data. Improperly encrypted information and poor user and role management is no longer acceptable.

According to Security Now, “the CCPA expressly paves the way for the right of natural persons to bring lawsuits for the breach of their ‘nonencrypted or nonredacted personal information’ -- even in the absence of evidence of actual damage." For organizations who want to get ahead of this and ensure all data is encrypted and protected from seen and unseen vulnerabilities, secure file transfers may be part of the solution.

If you aren’t already securing your file transfers, GoAnywhere MFT can help. GoAnywhere is an enterprise managed file transfer software that centralizes an organization’s file transfers, audit logs, user management, encryption processes, administration, security settings, and collaboration tools.

From a single interface, IT teams can ensure 100% of file transfers are protected at rest and in transit with trading partners, vendors, external networks, and cloud environments. So whether a consumer asks for their data to be securely transferred to them under the California Consumer Privacy Act or you just need a streamlined way to keep personal information protected from unauthorized access, GoAnywhere can work with you to meet your organization’s file transfer requirements.

Get the Guidance You Need to Develop an Encryption Strategy

Data breaches represent a growing epidemic. “Defending Against Data Breach: Developing the Right Strategy for Data Encryption” offers recommendations on how to encrypt, monitor, and audit the access of sensitive data.

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Which is Better: AS2 vs. SFTP?

April 15, 2019

Over the last several months, we’ve compared many different file transfer protocols, including SFTP vs. FTPS and SFTP vs. MFT, and MFT vs. Dropbox for secure file sharing. Today, we’re…


Who’s Leading the Managed File Transfer Data Quadrant?

April 4, 2019

For most IT professionals, finding credible, third-party evaluations is critical when researching new software solutions. You want the most comprehensive, honest information you can find to help you…


PGP vs. GPG: What's the Difference?

March 28, 2019

PGP, GPG, GnuPG, Open PGP. These terms file under the same category but refer to slightly different things. If you’re wondering what they mean or what the difference is between them, especially…


16 Surprising Facts about Managed File Transfer

March 21, 2019

Whether you’re already using a managed file transfer (MFT) product or are evaluating your options, the many features and capabilities of MFT software will likely surprise you—in a…


Why You Should Never Use FTP to Transfer Cloud Files

March 7, 2019

The cloud has become an increasingly popular topic among organizations in recent years. From sharing projects via cloud collaboration tools to exchanging files between a company and its trading…