What You Need to Know about the California Consumer Privacy Act (CCPA)

Businesses, be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze your current processes and ensure you’ll be in full compliance by January 1, 2020.

A new privacy act for California businesses

Passed by the California legislature on June 28th, 2018, the California Consumer Privacy Act (CCPA) aims to crack down on how organizations handle, collect, store, and sell the personal data of California residents.

And it couldn’t come at a better time. Recent data breaches and insecure handling of personal data have led to an increase in the exposure of personal records across the United States (for example, the Facebook/Cambridge Analytica scandal in March). Public awareness of these vulnerabilities is increasing … and consumers are becoming restless.

What does the CCPA entail?

The CCPA strives to give the public control over their information by putting strict rules in place for organizations. Part of the legislation will grant consumers the right to:

  • Request a list of the data that’s been collected about them
  • Understand why that data was collected
  • Know if that data is being sold to third parties
  • Know which third parties have their data
  • Withdraw consent to having their information sold

Organizations will also need to be proactive by disclosing upfront what information they collect, why they collect it, and if they’ll sell it—allowing a customer to decide if they want to complete a transaction before their information is processed. And if a customer asks for their data to be deleted, organizations will need to follow through (within reason) and pass on the request to any third parties who also have that information.

What is the definition of personal information? The CCPA is taking a broad look at "personal data." If you store any of the following data, you’ll need to disclose it: identifiers (unique and online identifiers), commercial information (records of purchases or purchasing tendencies), biometric information, internet activity (browsing history), geolocation data, professional or employment information, and many others.

Who needs to comply?

Not every business needs to comply with the CCPA—yet. As of 2018, only organizations that make more than $25 million in annual gross income; buy, receive, sell, or share the data of over 50,000 customers or devices; or derive over 50% of their yearly revenue from selling personal data will be expected to comply by January 2020.

However, it isn’t just California that needs to be aware of CCPA. Businesses outside of California that buy, receive, sell, or share the information of California residents must also follow CCPA requirements.

And even if you don’t have California customers, you’re not off the hook. Industry experts predict other states will follow suit, creating legislation similar to the CCPA, in coming years.

The penalty for non-compliance

What’s the penalty for non-compliance in January 2020? Currently, organizations that fail to meet CCPA requirements will be fined $7,500 per intentional violation. Organizations found non-compliant but "lacking intent" will only be fined $2,500 per violation.

While this may seem like pocket change to some companies, it’s worth noting that monetary fines aren’t the only fallout for organizations that don’t ensure full compliance. Consumer unhappiness, distrust, and lost business can also hurt the bottom line. Furthermore, while initial penalties are enforced by California’s state attorney general, customers are still allowed to pursue private action, so the overall cost of non-compliance could be higher.

Move toward CCPA compliance with secure file transfers

While the CCPA doesn’t put particular requirements in place to ensure strict cybersecurity practices across an organization, IT teams are still expected to provide easily accessible data in a "readily usable format" that’s transferred to consumers when asked. Penalties are also stricter for unauthorized access to personal data. Improperly encrypted information and poor user and role management are no longer acceptable.

According to Security Now, "the CCPA expressly paves the way for the right of natural persons to bring lawsuits for the breach of their ‘nonencrypted or nonredacted personal information’ -- even in the absence of evidence of actual damage." For organizations who want to get ahead of this and ensure all data is encrypted and protected from seen and unseen vulnerabilities, secure file transfers may be part of the solution.

If you aren’t already securing your file transfers, GoAnywhere MFT can help. GoAnywhere is an enterprise managed file transfer solution that centralizes an organization’s file transfers, audit logs, user management, encryption processes, administration, security settings, and collaboration tools.

From a single interface, IT teams can ensure 100% of file transfers are protected at rest and in transit with trading partners, vendors, external networks, and cloud environments. So whether a consumer asks for their data to be securely transferred to them under the California Consumer Privacy Act or you just need a streamlined way to keep personal information protected from unauthorized access, GoAnywhere can work with you to meet your organization’s file transfer requirements.

Get the Guidance You Need to Develop an Encryption Strategy

Data breaches represent a growing epidemic. "Defending Against Data Breach: Developing the Right Strategy for Data Encryption" offers recommendations on how to encrypt, monitor, and audit the access of sensitive data.
