Security Implications of California’s Privacy Law (CCPA)

If you were just starting to relax, having fulfilled your compliance responsibilities for GDPR, I can’t help but wonder – have you thought about CCPA yet? Sure, it’ll be easier this time – many of the policies, programs, and safeguards you’ve implemented will apply to CCPA as well – but there are some distinct differences between the European and Californian privacy stances. In this post, I’ll talk about one of the big ones from a privacy perspective: the shift to identifiable households (rather than individuals). I’ll also discuss the change that gives this privacy law consequences for your security: Californians are entitled to a private right of action under this law. That means that should their personal information be exfiltrated or stolen from your business, your business is subject not only to hefty fines, but also to lawsuits that can recover statutory damages between $100 and $750 per incident, per person. Or more, if there are actual damages. Let’s have a look!

Why should I care? I’m not in California!
As with GDPR and the recent NYS DFS Cybersecurity regulation, a business does not need to be based in the jurisdiction the law comes from in order to be bound by it. You don’t even need to have a physical presence there. If your company does business in California and meets at least one of the eligibility requirements below, you are subject to the CCPA.

  • Has annual gross revenues in excess of twenty-five million dollars
  • Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices
  • Derives 50 percent or more of its annual revenues from selling consumers’ personal information


Why “Household” Is Important

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Adam Mansour. Read the original post at: https://www.intelligonetworks.com/blog/ccpa-security-implications