With the Privitar Data Privacy Platform™, enterprises can mitigate the risks from the California Consumer Privacy Act’s (CCPA) most pressing regulatory compliance challenges:
With many states proposing similar or identical legislation, recognition that implementing a single standard for the entire country can be more cost effective and efficient, and an understanding that US consumers are demanding their sensitive personal data be protected, leading businesses are committing to CCPA compliance across the entire US.WATCH NOW »
The CCPA is the most significant US privacy law to date. It applies to all for-profit companies doing business in California that collect, share or sell California consumers’ personal data and meet one of the following criteria:
Plus CCPA applies if your organization is owned by, or shares common branding with a covered business. And you don’t even need to have operations or employees in California.
Consumers can exercise a Private Right of Action (PRA) if certain types of data, as defined in the California Data Breach Notification Law, leak. This data includes driver’s license, social security number, email address, account numbers, as well as medical, health and biometric information. Affected consumers can claim damages of $100-$750 per person for distress alone. Damages are uncapped for actual harm. Privitar enables you to pseudonymize these data types and eliminate the risk of PRA.
The state Attorney General has new investigative authority and the power to levy fines up to $2,500 – $7,500 per incident per person for violations.
Consumers can request their data to be deleted. Although this sounds straight-forward, in practice it can be challenging for organizations to comply. And non-compliance can result in fines. Learn more about the Right to be Forgotten.
The CCPA does not apply to data which has been de-identified and aggregated. Simple pseudonymization is not enough, because pseudonymous data can be identifying when combined with other proprietary or publicly available data. However, using Privitar’s advanced de-identification functionality you can move beyond pseudonymization to take data out of the scope of the CCPA.
The California AG’s draft regulations confirm that de-identifying data is sufficient to comply with deletion requests. With direct and quasi-identifiers de-identified, you can retain behavioral and historic data that enables you to maximize the value and insights from future aggregate analyses.