The California Consumer Privacy Act (CCPA) is the country’s first-ever consumer privacy law designed to give California residents true control over their own data and personally identifiable information (PII), like health and financial records, race or precise location.
Effective January 1, 2020, the CCPA grants the right to:
- Know what personal information is collected, used, shared or sold
- Delete personal information held by businesses
- Opt out of the sale of personal information
- Non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA
records exposed in 2018 due to data breaches 1
expect to meet the January 1, 2020 CCPA deadline 2
Who must comply with CCPA?
For-profit businesses with customers in California and one or more of the following criteria:
- Has gross annual revenues in excess of $25 million
- Buys, receives, or sells the personal information of 50,000 or more consumers, households or devices
- Derives 50% or more of annual revenues from selling consumers’ personal information
How can SailPoint help you comply with CCPA?
Our open, cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user, including bots.
- Risk Based Security, “Data Breach QuickView Report,” December, 2018. https://www.riskbasedsecurity.com/2019/02/13/over-6500-data-breaches-and-more-than-5-billion-records-exposed-in-2018/
- eMarketer, “Very Few US Businesses Are CCPA-Ready,” September 10, 2019. https://www.emarketer.com/content/very-few-us-businesses-are-ccpa-ready
Key identity governance benefits for CCPA.
Identify sensitive data
Use identity governance to identify where personal data is stored, who owns it and who has access to that data.
Govern who has access to personal data and see how that access is being used.
Audit and accountability
Produce audit trails and enable periodic reviews of access rights to enhance audit performance and comply with regulatory mandates.
Continually assess risk levels by automating access reviews to identify inappropriate access, and use AI and machine learning to monitor and identify unusual access.
What if your organization doesn’t comply?
The penalty for non-compliance with the CCPA is $7,500 for intentional violations or $2,500 if the violation was unintentional. Additional charges include between $100 and $750 in statutory damages (per incident, per consumer) in the event of a data breach. Depending on the number of customers affected, that cost could really add up.
In addition, just one breach or violation could cause significant damage to your customer relationships and company’s reputation.
Make sure you’re compliant with CCPA.
Learn how SailPoint can help.