What is CCPA?
The California Consumer Privacy Act (CCPA) is a legislation imposed on Californian companies in order to protect its consumer’s privacy. It regulates the way organizations collect and store consumer personal information. The CCPA goes into force on January 1, 2020 and will hold companies accountable for protecting their consumers’ data, focusing mainly on profiting from the sale of personal consumer information without their knowledge or consent.
The CCPA emphasizes four basic privacy rights including:
- Right of Access
- Third Party Processing
- Right to be forgotten
- Right to Object/Consent (specific to sale of personal data)
The CCPA emphasizes that Californians have the right “to know whether their personal information is sold or disclosed and to whom”. This provides the consumers with the knowledge of how their personal data is being shared with third parties. With that knowledge, CCPA also grants the consumers the right to opt-out and refuse selling their personal data to third parties.
Based to the CCPA ‘The Right to be forgotten’ requirement, “a consumer shall have the right to request that a business deletes any personal information about the consumer which the business has collected from the consumer.”
How does SecuPi enable CCPA Compliance
SecuPi has built a platform that enables organizations easily implement the technical tooling for meeting the CCPA requirements across hundreds of applications. The SecuPi platform provides discovery, monitoring and controls for achieving the CCPA compliance, which is deployed with no code changes and within days, dramatically reducing the cost and time that would be otherwise needed for achieving compliance across hundreds of applications.
The initial step towards compliance is to first figure out which applications and systems are in scope for the regulation. From there, the organization needs to discover and map where the personal data is located within each of the applications. Once that is set, monitoring and auditing user activity and data access on business application and analytics environments enable to meet the right of access requirement. Finally, the organization needs to have a systematic mechanism for deleting consumer information. Deletion of personal data is no simple task. SecuPi provides the requires technical tools to properly delete personal information without jeopardizing the system’s operability.