CCPA compliance is very important for anyone doing business in California, whether physically or online. It doesn’t matter where your business is based: if you collect personal information of California residents, your business must comply with the CCPA.
Data privacy laws such as the CCPA are becoming more prevalent as companies grow and use (or sell) consumer data.
The California Consumer Privacy Act (CCPA) is a law that came into effect on January 1st of 2020. It gives California consumers data privacy rights over how businesses collect and use their personal information. It applies to any business with a profit motive operating in California which meets the following conditions:
- Has a yearly gross revenue of over $25 million
- Buys, sells, or receives consumer data of 50,000 or more California consumers, households, or devices.
- Derives 50% or more of its annual revenue from selling or buying California residents’ personal information
What rights do consumers have under CCPA?
- Consumers can ask businesses what information they have collected and what they are planning to do with it
- The right to opt out of sale of personal information
- Consumers can ask businesses to delete their personal information
- Consumers can sue companies that violate the CCPA or experience a data breach
- Businesses cannot discriminate against you for exercising your rights under the CCPA
- Businesses must obtain an affirmative authorization (“opt-in”) for the sale of the personal information of a child under the age of 16
How can your business maintain CCPA Compliance?
CCPA requires businesses to implement and maintain reasonable security measures and practices that ensure data protection. The major departments within your company, such as legal, finance, IT and Research & Development, should understand each other’s roles in safeguarding data to ensure compliance.
There should be a level of awareness of what type of data is collected, from whom it is collected, where the data is stored and how it is shared.
Once your business has all of this information on hand, it can start formulating a policy aimed at CCPA compliance.
There are various technologies you can implement as a business to achieve CCPA compliance. They range from cybersecurity solutions that prevent unauthorized access to data, to device and data encryption solutions, application security, and data governance solutions like DLP.
In this article, we will specifically focus on email security as CCPA does have a big impact on email security as well.
Email is the backbone of corporate communication. Many businesses conduct business through emails, and this involves sharing of confidential data such as personal information. According to research, there are over 4 billion users of email in the world.
Businesses must take steps to protect emails that contain sensitive data shared both within and outside of the organization. It’s alarmingly easy to send an email to the wrong person, and this opens up your organization to data breaches leading to non-compliance with the CCPA.
If you fail to comply with the CCPA, you could face civil penalties and private lawsuits. Violations can result in civil penalties of up to $7,500, as well as statutory damages of $100-$750 per consumer per incident.
SendGuard for CCPA Compliance
One of the most common contributing factors for email-based data breaches is human error. SendGuard for Outlook analyzes email content and attachments for all outbound emails to ensure email data security.
With SendGuard, you can ensure that emails are only sent to the intended recipients with the correct attachment. SendGuard DLP checks email content for specific words or data patterns and warns/blocks users if it finds any potentially sensitive or restrictive information.
We will help you upgrade your email security strategy to help you comply with the CCPA. SendGuard can be purchased and configured based on the features that you need in your organization. Only turn on (and pay for) the features that your organization needs. All settings can be deployed and configured using either a Customized MSI or Windows Group Policy.