Why Your Organization Needs to Become California Consumer Privacy Act (CCPA) Compliant

Over the past decade, organizations are getting familiar with the different new privacy laws being enforced by governments. In 2018, GDPR went into effect and we are seeing the huge impact this law has had on organizations when dealing with people’s personal data. Now, there’s another major regulation that just went into effect.
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) went into effect and sets new requirements and rights relating to personal information of California consumers. This is the first state-level privacy law in the United States.
Data-driven companies are quickly making the right adjustments with the new regulation into their system, similar to how they prepared for GDPR. 
Despite not knowing how much of an impact this new regulation will have on organizations, it’s always best to prepare and be compliant. In this blog post, we will explain what the CCPA is, how it will impact your business and any other lingering questions you may have about CCPA. 

What is the CCPA?

The CCPA was created in order to protect the privacy and personal data of consumers who live within the state of California. The CCPA grants people the right to know what information businesses are storing about them. The act additionally gives people the right to tell businesses they cannot use their personal information.
Similar to GDPR, people may request that a business discloses the types of personal information it collects, the purpose of collecting that information, and who the information is being sold to. According to the regulation, people are allowed to request this data report twice a year, free of charge.

Why did California pass CCPA?

The California legislature approved the CCPA regulation after the mining of personal data was brought to light in 2018 with the famous data mining Cambridge Analytica scandal and how the congress hearing proved how vulnerable personal information can be misused. The state desired to create more laws that will implement better data privacy control and transparency.   
According to CNET, more states are considering similar laws and similar proposals are being presented at the federal level.

What CCPA Means for Consumers

The CCPA regulation provides California residents with 4 basic rights with their personal information:

• The right to know what personal information, including specific pieces of information which are being stored and what the business is doing with the information.
• The right to request that the business who is storing their information delete their personal information.
• The right to opt-out of the sale of their personal information. 
• If a consumer takes advantage of their rights under the CCPA, freedom from discrimination of price or services. However, a business may offer financial incentives, including payments to consumers, for the collection, sale, or deletion of personal information

How Do I Know If My Organization Is Impacted by the CCPA?

The CCPA regulation affects any organization that collects, shares, or sells California residents’ personal data and meets any of the following three criteria:

• Has an annual gross revenue of $25 million or more.
• Possesses the personal information of 50,000 or more consumers, households, or devices.
• Earns more than half of its annual revenue by selling personal information.

How Can My Organization Become CCPA Compliant?

Your organization can implement different privacy steps to ensure consumers are able to exercise their rights under the CCPA. Here are the key steps to make:

• Provide two or more methods for consumers to submit requests about their personal information. At a minimum, these methods must include a toll-free telephone number and at least one additional method such as a designated email address or online form.

• Establish protocols to respond to consumer requests within 45 days of receiving them.

• Update your privacy policies to include new CCPA privacy rights.

• Analyze your data collection and documentation processes. Ensure that you are able to track how you collect data, how you use it, where it resides, and have a system in place to provide consumers with this information. 

• Provide consumers with notice that their personal information is being sold. Implement a process to honor opt-out requests in a timely manner.

• Assess and document your data security practices to ensure your business takes the necessary steps to avoid data theft and any other security breaches. 

Make sure your legal team reviews the entire CCPA initiative to identify all steps your business must implement to remain CCPA compliant. We highly recommend that you educate your entire staff on the main factors of CCPA compliance. 

Meeting CCPA with a Zero Trust Network As a Service

Although the law requirements are clear, CCPA does not provide a technical direction on how to meet these standards. Instead, organizations are required independently to create a plan to meet data security requirements. Admittingly, this sounds quite data-heavy, but each of these benchmarks can be easily met using a Zero Trust Network as a Service platform.
A Zero Trust Network as a Service (ZTNA) uses pre-shared keys to identify, authenticate and authorize user access. Using a ZTNA which offers a centralized cloud management platform, an entity can create customized user access to sensitive data – including cloud environments, SaaS services, sandbox and production environments, and more.
Additionally, any data which passes over any network is secured with advanced encryption. This creates a virtual tunnel so data can’t be intercepted by users who don’t have access. By offering network visibility and identifying risks and vulnerabilities to your systems and data, detailed activity reports provide insight into which resources are being accessed, what applications are being used, and how much bandwidth is being consumed.

Accelerate Your CCPA Compliance with Perimeter 81

At Perimeter 81, we are committed to protecting your company’s data and your customers’ data. In order to ensure complete CCPA compliance, we have:

• Undergone a full third-party audit
• Updated our terms of service and Privacy Policy
• Ensured that our platform meets all data storage requirements

To help you navigate the CCPA and secure your clients’ data, we provide:

• Automatic protection on unsecured public Wi-Fi
• 256-bit AES encrypted network connections, both on-site and remotely secured
• Secure, policy-based access management
• Monitoring, logging, auditing and security analytics
• Multi-Factor-Authentication (MFA)
• Granular access to cloud environments
• DSN Filtering

Automatic Wi-Fi Security for CCPA Compliance

With CCPA in effect, the way businesses handle Wi-Fi security will change drastically. At Perimeter 81, we have made this one of our key priorities. Our patented, Automatic Wi-Fi Security feature is a special built-in functionality to all of our applications that allows users to automatically deploy a VPN connection even if the device is locked and in your pocket.
Once you install Perimeter 81’s client applications, you can rest assured that data passing over any network is secured with 256-bit bank-level encryption. Perimeter 81’s innovative Automatic Wi-Fi Security immediately shields data by automatically activating VPN protection when employees connect to unknown, untrusted networks. Those advanced features, that come out of the box, are the reasons why Perimeter 81 is considered to be one of the best OpenVPN replacement.
If you have any more questions about CCPA, our Automatic Wi-Fi Security feature, or the steps we at Perimeter 81 have taken to protect your data, please don’t hesitate to contact us at [email protected].