Achieving CCPA Compliance Cost-Effectively

What is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) is a bill intended to enhance privacy rights and consumer protection for residents of California. The intention of CCPA is to provide California residents with the right to:

  • Know what personal data is being collected about them.
  • Know whether their personal data is sold or disclosed and to whom.
  • Say no to the sale of personal data.
  • Access their personal data.
  • Request a business to delete any personal information about a consumer collected. This is not the GDPR’s “right to be forgotten”
  • Not be discriminated against for exercising their privacy rights.

Our clients have had numerous questions about how the law will change the way they handle sensitive data and the various requests they may receive from their customers who request data collection information or want to know other information about their PII. Let’s start with what businesses can do in order to comply with the major responsibilities mandated by the legislation. The following are measures a business should take prior to the legislation going into effect on January 1, 2020:

  • “Do Not Sell My Personal Information” information that will direct users as to how they, or someone they authorize, can opt out of the sale of their personal information
  • Designate methods for submitting data access requests
  • Update privacy policies with newly required information, including a description of California residents’ rights
  • Avoid requesting opt-in consent for 12 months after a California resident opts out
  • Implement processes to obtain parent or guardian consent for minors under 13 years and the affirmative consent of minors between 13 and 16 years to data sharing for purposes

Assessment – Identify PII sources, map systems, evaluate the data governance structure, assess risk, conduct 3rd party risk assessments, and address data sharing relationships.

Design – Update privacy policies and procedures, categorize personal information (PII), and create solutions to handle consumer data requests.

Implementation – Establish controls to prevent, detect, and respond to consumer data requests and security incidents.

Ongoing Monitoring and Consultation – Maintain required documentation, manage data requests and breach notifications, automate consumer request handling, and perform consistent data governance.

The Benefits of SecureOps CCPA, Privacy and Compliance Solutions

The CCPA is the beginning of “America’s GDPR.” CCPA is the first state privacy law of its kind, and it may be just the beginning; the future of domestic privacy legislation in the United States is just starting to unfold with this new law. SecureOps offers a cohesive team of privacy and security professionals experienced helping our customers prepare for GDPR. SecureOps will help your organization handle CCPA compliance, including operational and structural requirements. We’ll also help you prepare for future privacy legislation. We’ll help you handle the most impactful requirements of CCPA including:

  • Data inventory and mapping of in-scope personal data and instances of “selling” data
  • New individual rights to data access and erasure
  • New individual right to opt-out of data selling
  • Updating service-level agreements with third-party data processors
  • Remediation of information security gaps and system vulnerabilities

Learning More About the California Consumer Privacy Act

Privacy and compliance legislation like CCPA and GDPR are fundamentally changing the way organizations collect, manage, store, and share/sell the personal data (PII) of their prospects and customers. The CCPA mandates fines including a floor of $100 and a ceiling of $750 per consumer per incident. And penalties for compliance of $2,500 per unintentional violation and $7,500 per intentional violation. Thus, any breach or compliance penalty will likely result in real financial damage.

To Learn More Read Our Blog Post on CCPA or Contact Us at
1 (888) 982-0678