About the California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), was enacted in 2018 and went into effect on January 1, 2020. This landmark piece of legislation secures new privacy rights for California consumers relating to the access to, deletion of, and sharing of personal information that is collected by businesses.
*Source: https://oag.ca.gov/privacy/ccpa
The CCPA Grants new Rights to California Consumers
- The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information
- The right to delete personal information held by businesses and by extension, a business’ service provider
- The right to opt out of sale of personal information; consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
- The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA
The CCPA Imposes New Obligations to Businesses
- Provide notice to consumers at or before data collection
- Create procedures to respond to requests from consumers to opt out, know, and delete
- Respond to requests from consumers to know, delete, and opt out within specific timeframes
- Verify the identity of consumers who make requests to know and to delete, whether or not the consumer maintains a password-protected account with the business
- Disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information
- Maintain records of requests and how they responded for 24 months in order to demonstrate their compliance
The Intelligent Data Hub™: Repurposing GDPR initiatives for CCPA Compliance
The Intelligent Data Hub™ is the key technology required to fully understand your customers, what data you have about them, and how they interact with your organization.
This cutting-edge technology includes capabilities for data management, data governance, discovery, and data cataloging, all of which are essential pillars of regulatory compliance. Furthermore, Semarchy has specific capabilities aimed at simplifying your compliance journey for CCPA and GDPR:
Instantly access all data pertaining to a customer
Instantly access all data pertaining to a customer
Enable data subjects to authenticate via web or call center to access and view their data. mastering person data in xDM is straightforward, with easy interoperability for standard database and integration systems.
Empower staff to accept and execute requests
Allow DPOs, data owners, or data stewards to accept requests with intuitive workflows, and act upon them with Semarchy xDM as the central point of coordination and consolidation for the required actions.
Confirm all erasure requests throughout all the data sources
Harmonize and confirm erasure requests by connecting all relevant data sources to Semarchy xDM and empowering the implementation of delete requests for a single system. Full lineage, traceability, and auditability are maintained while complying with the requirement to eliminate personal data.
Obtain and export data from all systems with a single request
Empower data subjects to obtain and export all relevant details from systems across the enterprise with a single request from xDM.
Learn more about building an effective GDPR/CCPA solution with a Proof of Value from Semarchy; understand benefits, ROI, milestones, and an implementation timeline in under two weeks.
Compliance Efforts go Beyond IT
The far-flung scope of where data can live means complying with CCPA is not limited to IT. Businesses cannot simply rely on addressing the issue of CCPA by applying an IT strategy.
Business teams and front-line staff must have access to this system. Businesses will benefit greatly from implementing ongoing data governance to ensure regulatory compliance and risk reduction.
By bringing several data sets together and creating a single database repository that incorporates data matching and is easily accessed by internal stakeholders (not just IT), businesses will be able to tackle CCPA challenges efficiently.