GDPR and CCPA are significant data protection legislations that require businesses to reassess the way they manage consumer data. While GDPR is applicable to EU companies, CCPA, enacted in 2018, is the first major privacy law in the United States.
The CCPA provides several privacy rights to Californian consumers and imposes obligations on businesses, including:
Coming into affect on January 1, 2020, the CCPA applies to companies operating in California that meet certain criteria, such as grossing over $25 million annually or dealing with the personal information of over 50,000 consumers.
The CCPA grants rights relating to access, deletion, and portability of personal data, with companies obligated to provide detailed disclosures and controls for consumers to opt-out of data ‘sales’. Special provisions are in place for minors, and discrimination against consumers exercising CCPA rights is prohibited.
The term ‘sell’ is widely defined in CCPA, and penalties for noncompliance can reach up to $7,500 per intentional violation. Unlike GDPR, CCPA necessitates opt-out from data sales to third parties and introduces parental consent requirements for children under 13.
To start your path to CCPA compliance, here are the five key steps you’ll need to focus on:
Discover: Identify your personal and sensitive data and know where it resides.
Map: Determine how your personal and sensitive data is being shared with third parties and identify if that third party is exempt from CCPA opt-out requirements.
Manage: Govern how the data is used and accessed (data governance)
Protect: Deploy robust security controls to prevent, detect, and respond to vulnerabilities and data breaches.
Document: Document your data breach response program and ensure any contracts with relevant third parties can take advantage of opt-out exceptions.
With Concentric AI, there are three key steps to ensure organizations are compliant with CCPA:
Data discovery and identification can be a crucial step in helping you achieve CCPA compliance. As more personal data is being managed and processed — due to the surge in cloud migration, an increasing number of remote or hybrid workers, and widespread corporate Bring Your Own Device (BYOD) initiatives — compliance challenges are escalated for companies operating in California or processing data from individuals in California.
Concentric AI’s solution uses sophisticated machine learning technologies to autonomously scan and categorize data — from financial data to PII/PHI/PCI to intellectual property to business confidential information – wherever it is stored. Concentric autonomously identifies that data, learns how it’s used, and determines whether it’s at risk. With Concentric, you will know where your CCPA data is across unstructured or structured data repositories, email/ messaging applications, cloud or on-premises – all with semantic context.
Concentric helps you understand what personal information the company holds, determines the legal ramifications for processing personal information, assesses the risk associated with processing personal information, and allows you to respond to data subject requests.
For any organization, the ability to continuously monitor data for risk is not only difficult but time-consuming for IT and security teams. As adherence to data protection laws like CCPA becomes more crucial, the resources required to write complex rules and deploy policies on-the-fly can be overwhelming.
With Concentric AI, you can autonomously discover how CCPA data is being used, who it is being shared with, and who accessed it — to quickly and accurately pinpoint risk from inappropriate permissioning, risky sharing, and unauthorized access.
Data classification is an important step in achieving CCPA compliance because it enables companies to identify, categorize, and organize their data according to its level of sensitivity and importance. This is particularly critical under the CCPA because the regulation imposes strict requirements on how companies handle personal data.
With Concentric, you are empowered to:
Concentric AI’s Risk Distance™ analysis leverages deep learning to compare each data element with baseline security practices used by similar data to identify risk without rules and policies. More importantly, our solution can remediate these access risks as they happen – whether it’s fixing access control issues or permissions, disabling sensitive file sharing with a third party, or blocking an attachment on a messaging service.
The best part is that Concentric AI reduces risk, protects data without upfront policies, and doesn’t require large teams to operationalize.
Concentric Semantic Intelligence helps enterprises discover and protect their most sensitive and confidential information without any rules, upfront work or security team overhead.
Utilizing Deep Learning, Concentric Semantic Intelligence™ autonomously delivers a content-based, categorized view of your data and a risk rating for all data that have been exposed. This allows your data security, privacy, and compliance teams to easily find and correct inappropriate sharing, unauthorized access or wrong entitlements of sensitive data to efficiently prevent data loss.
Customers are successfully using our product in production for petabytes of data for:
Organizations face a trifecta of challenges when it comes to protecting data: massive cloud migration, the rise of remote and...
When we think about data protection and security, it seems evident that it would apply to every industry and business...
As digital transformation and cloud migration become more commonplace in all industries, the amount of data businesses must store, process...
Note: this article has been updated as of 12/2/2023 As more organizations adopt remote or hybrid work arrangements, cloud infrastructure...
If you’ve used ChatGPT, you know how powerful and helpful it can be. For the security conscious enterprise, however, there...
Artificial intelligence (AI) has achieved remarkable advancements over the last few years, with examples like ChatGPT dominating recent headlines. Large...