The California Consumer Privacy Act of 2018 (CCPA), one of the toughest data privacy laws in the U.S., was passed in June of 2018, immediately following the May 2018 implementation of Europe’s Global Data Protection Regulation (GDPR). The CCPA takes effect in January of 2020.
The CCPA focuses on giving Californian consumers the right to know, control and delete personal data that has been collected by businesses. It covers consumers’ profiles, the personal information collected, the sources of that information, the personal information sold or disclosed, and the third parties to whom the information is disclosed or sold.
Effective January 2020, it will be the strictest data privacy law in the United States, enforced by the California attorney general's office with an estimated 57 full-time staff, with fines of up to $750.00 per record breached. Don't let the amount of $750.00 make you think it's insignificant: when the Attorney General's Office sends a bill with a $500,000.00 penalty to the compliance officer in your organization, you'll quickly find out that your database "only" had 700 PII records leaked. Some organizations in the past have received similarly surprising bills from the government, mounting up to millions of dollars in penalties for compliance violations (e.g. HIPAA, FINRA). With CCPA, to comply on the effective date, businesses will need to start record-keeping no later than Jan. 1, 2019, and likely will need to complete data mapping 12 months prior to that.
Some of the significant provisions include liability and private right of action. The act expressly provides for a private right of action for certain data breaches. Before a private right of action can commence, a consumer must provide a business with 30 business days’ notice and an opportunity to cure.
California is the first state to introduce legislation on data breach notifications, and many states are likely to follow CCPA’s consumer privacy initiative. CCPA provides consumers a private right of action “in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non encrypted or non-redacted personal information.” It also shares privacy protection principles with GDPR, where user agreement is based on opting in; CCPA (AB 375) is about opting out of the sale of personal data, the right to know if it is being shared or breached, and the right to request deletion.
With the MessageSolution Compliance EMail-File Archive eDiscovery Platform and MSecurity System™ implemented, companies can be assured that sensitive data is processed securely and proactively detected, preventing it from being sent outside the network accidentally or maliciously. This helps companies comply with the CCPA regulation, prevent violations, and protect corporate intellectual property as well as sensitive private information.
• Provide proximity and context to customer data within emails, file servers, SharePoint sites
• Discover sensitive PII data within email systems and file servers or OneDrive cloud file systems when necessary
• Automatically classify and label sensitive email data to be blocked at the email gateway
• Alert privacy officers to potential mis-addressed emails to proactively prevent data breaches before they happen
• Enable secure sharing of sensitive emails and attachments both internally and externally, utilizing policy-based redaction
• Provide detailed reports to prove that sensitive data is being protected as it is shared and stored
• Detect data breaches in real time including built-in reporting for notifying administrators and privacy officers
• Integrate with Microsoft Office 365 and Google G-Suite, as well as other hosted, on-premise and hybrid email platforms such as Exchange, IBM Domino and GroupWise