info@xterralink.com (916) 608-9902 LiveChat

California Consumer Privacy Act (CCPA) Services

Safeguarding Your California Privacy Assets

California Consumer Privacy Act (CCPA)

ccpa

About the California Consumer Privacy Act (CCPA) of 2018 - When it takes effect on January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) will have a sweeping effect on businesses in California and across the globe. The CCPA applies to a broad scope of information about California residents, and despite the law’s name, not only when they act as consumers. Information about employees, job applicants, business contacts, students and other categories of individuals is also in scope, as is information about households and devices. As a result, the CCPA regulates an arguably broader scope of information than any other privacy law in the world. The CCPA is enforced primarily by the California Attorney General, who may seek civil penalties of up to $2,500 per violation or $7,500 per intentional violation. However, the law also provides a private right of action for data breaches arising from violations of California’s data security law and entitles affected individuals to seek recovery of $100-$750 in statutory damages per consumer per incident or actual damages, whichever is greater. The California legislature hastily passed the CCPA to pre-empt a more stringent November 2018 ballot measure. As a result, the 10,000-word law contains a number of drafting errors and ambiguous provisions. So called “technical amendments” enacted in September 2018 did little to resolve the law’s ambiguities. The California Attorney General is required to issue regulations on numerous aspects of the CCPA by July 1, 2020 and cannot bring enforcement actions until it publishes the final regulations. While the regulations should offer clarity on some points and more amendments are possible, the CCPA’s core provisions are expected to remain intact. In any event, January 1, 2020 remains the compliance deadline and the effective date of the private right of action for data breaches. The breadth of the law and the potential difficulty of operationalizing its requirements create strong incentives to begin preparing for the CCPA sooner than later.


At xTerralink, our team will help you in all aspects of your CCPA program, including but limited to:


  • 1.1 xTerraLink’s CCPA Framework
  • 1.2 CCPA Readiness
  • 1.3 CCPA Program Needs
  • 1.4 CCPA Awareness Training

1.1 xTerraLink’s CCPA Framework

ccpa

On June 21, 2018 California legislatures enacted Assembly Bill (AB375 “California Consumer Privacy Act”) requiring business to disclose categories and specific pieces of information collection about California consumers, as well as the business reason for collecting of selling that information, and the categories of third parties that receive the consumer information. The bill also prohibited the sale of personal information related to a consumer under the age of 16 without the explicit (i.e., opt-in) consent.



1.2 CCPA Readiness

ccpa

Businesses that are doing business in California, headquartered in California and doing business in California that meet any of the measure below must take action to comply with CCPA. xTerraLink recommends each entity that fall within the requirement of the CCPA to begin a readiness program. The readiness program includes serious considerations of the data and data management life-cycle.



1.3 CCPA Program Needs

ccpa

Prepare for privacy, it starts in California and will eventually proliferate and become a standard by which others states will follow. Privacy is here to stay and business must take control and understand individual rights. xTerraLink offers a simplistic approach to help your organization progress towards compliance with CCPA.



1.4 CCPA Awareness Training

ccpa

Best strategy for a successful compliance with CCPA is to ensure that the enterprise in its entirety fully comprehends and understands CCPA. The most important element starts with a tone from the top that consumer personal information privacy is a right and everyone within the enterprise must be accountable for the proper handling of information. Next the enterprise must deploy the appropriate levels of awareness training that focuses on the core of the regulation. xTerraLink, a leader in information privacy and security has a CCPA Awareness Training that includes but not limited to modules that cover the following topics:

  • 1. CCPA Regulation
  • 2. What is Personal Information Under CCPA
  • 3. What is the definition of Privacy Policy and a Privacy Notice
  • 4. What is the right to access personal information
  • 5. What is the right to delete personal information
  • 6. What is the right to be informed of personal information being sold or disclosed
  • 7. What is the right to opt-out of the sale of personal information
  • 8. What is the right to data portability
  • 9. What is the requirement to opt-in for children under the age of 16

If you have questions or need assistance with the CCPA, please click the button below to contact one of our xTerralink member team.

CCPA Framework Learn More