The California Consumer Privacy Act of 2018 (CCPA)
Effective on January 1, 2020, the California Consumer Privacy Act of 2018 offers many new and wide-ranging privacy rights for California residents. Among these are a right to be informed about personal data collected by a business and a right to access and delete that information, a right to prevent personal information from being sold to third parties, and a right to data portability. Each of these rights comes with an equivalent mandate on a business that holds personal information and the key to meeting these mandates is data discovery and classification.
The California Consumer Privacy Act, gives a broad definition of “personal information.” Categorizing personal information such as biometric data, geolocation data, inferences about consumer and psychometric data. This law is enforced by California attorney general and consumers will still maintain the right of action in the case of a data breach or if a company fails to provide reasonable security practices that disclose or expose access to personal data.
How Spirion Helps Advance CCPA Compliance
Data Inventory Creation. Spirion’s AnyFind® technology identifies, remotely or locally, both structured and unstructured personal data throughout your organization in share files, emails, Websites, databases, Microsoft SharePoint, and cloud storage, all with the industry’s highest precision, for rapid creation of data inventories.
Deletion of Personal Information. Spirion’s Workflow and Classification engine enables automated deletion of files containing personal information or redaction of personal data elements, according to criteria you set.
Information Security. Spirion’s Sensitive Data Watcher™ advances compliance with the Act’s requirement to provide appropriate “security procedures and practices” using a combination of data classification and triggers that automatically notify data protection staff of policy violations for immediate response.
Implementing an Effective Data Protection Classification Policy
Transforming paper classification policies into dynamic ones requires embedding intelligence into personal data
Data security classification doesn’t merely tell how important a given piece of information is, it tells an enterprise’s data protection program what to do with it. Spirion’s data classification technology imbeds into personal information all of the needed labels that define what can be done with it as prescribed by regulations and requirement standards on how to protect it. In doing so, Spirion transforms traditional paper-only classification policies into dynamic ones.
Customer and Consumer Data Journey
Develop a Data Inventory – Rapidly build a precise, evergreen inventory
Disclose Personal Information Collected – Precisely disclose to consumers and the public the nature of personal data collected
Identify Personal Information Data Sharing – Identify personal data shared with third parties
Delete Personal Information – Delete personal information according to the statute’s requirements
Employ Technical Controls – Encrypt, quarantine, relocate or delete personal or confidential data
Implement a Post-Breach Cure – Understand the scope and depth of a breach for effective implementation of a post-breach cure
Even though the law comes into effect in 2020, as of right now, only applies to California residents, we may see much bigger issues and implications for companies and service providers that deal with consumer data and consumer rights. Companies and retailers that have Californian customers will have to change to global data protection and reform their data rights structure and privacy policies to completely comply with the new privacy law. We will probably see amendments to the privacy protection law as the months pass and need to be ready and completely compliant by 2020. With Spirion’s AnyFind™ technology, we can help you locate any data such as social security, credit card numbers or company-specific intellectual property – keeping you compliant with the California Consumer Privacy Act.