Enforcement begins July 1 — it’s time to look to readiness.
By Victoria Geronimo, Product Manager, Security & Compliance, 2nd Watch
Since the European Union introduced the General Data Protection Regulation (GDPR) in 2018, all eyes have been on the United States to see if it will follow suit. While a number of states have enacted data privacy statutes, California’s Consumer Privacy Act (CCPA) is the most comprehensive U.S. state law to date. Entities were expected to be in compliance with CCPA as of Jan. 1; enforcement begins July 1.
CCPA compliance requires entities to think about how the regulation will affect their cloud infrastructures and development of cloud-native applications. Specifically, companies must understand where personally identifiable information (PII) and other private data lives and how to process, validate, complete and communicate consumer information and consent requests.
How to Ensure CCPA Compliance
CCPA gives California residents greater privacy rights over their data that is collected by companies. It applies to any business that has customers in California and that either has gross revenue of more than $25 million or that acquires personal information from more than 50,000 consumers per year. It also applies to companies that earn more than half their annual revenue selling consumers’ personal information.
To ensure compliance, firms should first determine whether they’re collecting PII and, if they are, make sure they know exactly where it’s going. CCPA not only mandates that California consumers have the right to know what PII is being collected, it also states that customers can dictate whether it’s sold or deleted. Further, if a company suffers a security breach, California consumers have the right to sue that company under the state’s data notification law. This increases the potential liability for companies whose security is breached, especially if their security practices don’t conform to industry standards.
Regulations regarding data privacy are proliferating, and it’s imperative that companies set up an infrastructure foundation that helps them evolve fluidly with these changes to the legal landscape, as opposed to “frankensteining” their environments to play catch-up.
It’s here that we start to consider the impact on cloud journeys and cloud-native apps, as this is where…