Do you do business in California? Do you generate more than $25M in revenue?
January 1, 2020, is here.
Are you familiar with the 12-month look-back?
As currently written, the CCPA is a confusing piece of legislation. It requires certain things from certain companies, depending on the types of data being processed and the purpose for processing that data. It references other, existing California statutes that deal with the maintenance of customer records, unauthorized loss of data, and breach notification. Were you aware of these existing obligations for conducting business compliantly in California? Are you aware of the interplay between old laws and new ones?
CCPA Links: Californians for Consumer Privacy | CA Attorney General’s webpage | California Consumer Privacy Act of 2018 | ACSM CCPA Readiness Assessment
For example, did you know that your website may be required to state “Do Not Sell My Personal Information,” and you need to be able to implement any changes in your business to support the request (including a toll-free phone number)? This is where ACSM can help! We excel at defining and implementing the best changes to your specific business processes.
Also under CCPA, similar to GDPR’s Data Subject Access Requests, your business will now need to be able to support verifiable consumer requests. ACSM has deep experience with these processes and has demonstrated compliance for companies implementing these changes in the most lightweight and adequate ways.
Are you already GDPR compliant? ACSM can help you get to CCPA compliance in short order. There are key differences in the legislative construction, intent, and implementation of these similar but distinct regulations on the processing of personal data.
Did you know the average cost of a data breach is nearly $3.9M, with a cost of $150 per record lost? This is per the annual IBM/Ponemon report (https://www.ibm.com/security/data-breach). Under the CCPA, this figure could increase to $750 per consumer per incident. The CCPA also gives a private right of action to affected consumers. Are you protected from liability?
If you are new to privacy compliance, then we might recommend starting with a quick privacy assessment to help you understand any gaps and prepare for making adjustments to the new standards.
We can also provide the needed technologies and processes to help you streamline your Incident Response and Breach Notification processes, no matter where you do business.