The California Consumer Privacy Act (CCPA) Could Set a New Standard for Privacy and Data Security in the US

  • 16 September 2019

In June 2018, privacy and data security standards in the United States were fundamentally overhauled. On January 1st 2020, when the California Consumer Privacy Act (CCPA) becomes law, Californian citizens and businesses (and all businesses dealing with California) will have a very different relationship to data.

The CCPA will allow all residents of California to know what personal information is being collected about them by for-profit companies operating in the state, whether it is sold, disclosed or simply held. Although the CCPA will only directly apply to California, its implementation will affect any organization doing business in California and which satisfies one of the following credentials:

• Annual revenues of more than $25m
• Possesses personal information of more than 50,000 consumers, households or devices
• Generates over half its annual revenue from selling personal information

When the CCPA comes into effect in January 2020, actions will need to be taken in order for organizations to remain compliant. For example, the CCPA will require companies to create a channel such as a toll-free number that can allow consumers to request information regarding how their data is being used.

Parallels have been drawn between the CCPA and GDPR, with the CCPA requiring data privacy protections similar to those imposed by the European Union. Financial fines for data breaches under the CCPA will be less severe than the penalties under GDPR, capping at $7,500 per violation compared to the maximum cap of 4% of revenue / €20m (whichever is higher) for the most severe GDPR breaches.

With the CCPA and GDPR in place, organizations will have their data management practices under the spotlight more than ever. Luckily, technological solutions exist that can mitigate the risk of data loss and the associated negative consequences for enterprises. Tessian’s Enforcer and Constructor filters help organizations manage the ways data moves on email. Enforcer’s and Constructor’s machine learning allows organizations to prevent data from being transferred to the wrong place, ensuring that enterprises can comply with evolving regulations.

The general emphasis on tightening data security worldwide means that organizations will have to prioritize security in order to stay compliant and to uphold new privacy and security standards.

To learn more about how Tessian can help you become CCPA-compliant, contact us here.