Does ISO 27001 help CCPA compliance? - Security Boulevard

Does ISO 27001 help CCPA compliance?

In the wake of increasing concern over privacy protection, the U.S. state of California passed a new privacy law at the end of June 2018 to protect Californian consumers. Coming into force on January 1, 2020, this law requires new levels of commitment from organizations regarding the handling of personal information, and it carries severe penalties for noncompliance and for security breaches.

This article will show how ISO 27001, the leading standard for Information Security Management Systems (ISMS), can be used to help an organization meet the requirements of this new law.

What is the CCPA?


The California Consumer Privacy Act (CCPA) is a state law of California that governs the processing of personal information of California residents. It bears some resemblance to the European Union General Data Protection Regulation (EU GDPR): while it lacks some of the EU GDPR's most onerous requirements, in other respects it goes even further.

Broadly speaking, the CCPA introduces:

  • consumers’ right to know what personal information is being collected;
  • consumers’ right to know whether their personal information is sold or disclosed, and to whom;
  • consumers’ right to say no to the sale of their personal information;
  • consumers’ right to access their own personal information;
  • consumers’ right to equal service and price, even if they exercise their privacy rights;
  • broad definitions of “consumer” (section 1798.140(g)) and “personal information” (section 1798.140(o)(1)), combined with narrow exclusions from those definitions;
  • multiple thresholds to define who must comply with it.

Who must comply with the CCPA?

If your organization meets any one of the three thresholds described below, it must comply with the CCPA:

  • companies with annual gross revenues in excess of $25 million;
  • companies that obtain the personal information of 50,000 or more (Read more...)

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: