CCPA: No Extensions, No Excuses

California’s Consumer Privacy Act (CCPA) came into effect on the first of January 2020, and while we haven’t seen any CCPA penalties handed out yet, I’m betting one is coming any day now. Given provocative comments from California’s Attorney General, companies recognize they must get compliant in a hurry. Those who don’t are looking at a $2,500 fine for unintentional violations, and $7,500 for intentional ones. And that’s per violation—how many individuals’ data does your company handle?

Of course, I covered the eligibility requirements and definitions of relevant terms (like “household identifiable information”) back when CCPA milestone dates were announced. As a refresher, a company that captures data on Californians needs to comply with CCPA if it meets any one of these eligibility requirements:

  • Has annual gross revenues in excess of twenty-five million dollars
  • Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices
  • Derives 50 percent or more of its annual revenues from selling consumers’ personal information

FUD notwithstanding, I’m choosing to focus on demonstrating your progress toward achieving compliance in case you hear from California’s Attorney General. So, what are the quickest, easiest steps to implement changes that will not only demonstrate your effort to comply but also improve your data security?

1. Audit Your Information

The risk of fines exists even though specific stipulations within CCPA are still a ‘moving target’: California is collecting feedback from companies and residents until July.

One step you need to take now—since you’ll need to know it down the road anyway—is understanding what sensitive information you collect and store. Not knowing the answer to this question when asked by the AG’s office is a

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Adam Mansour.