Home »

California Consumer Privacy Act (CCPA 2020)

MessageSolution Delivers Privacy Protections for CCPA Compliance

Are You Ready for the California Consumer Privacy Act (CCPA 2020)?

The California Consumer Privacy Act of 2018 (CCPA), one of the toughest data privacy laws in the U.S. was passed in June of 2018, immediately followed the implementation of Europe’s Global Data Protection Regulation (GDPR) in May 2018. The CCPA takes effect on January 1, 2020.

The CCPA focuses on providing Californian consumers’ the right to know, control and delete personal data that have been collected by businesses. It includes consumers’ profiles, personal information collected, sources of that information, personal information sold and or disclosed, and third parties with whom the information is disclosed or sold to.

Examples of Personal Identifiable Information:
  • Commercial information (records of products or services purchased, obtained or considered, and other consuming histories or
   tendencies)
  • Internet activity (browsing and search history and interactions with advertisements)
  • Inferences drawn from personal information to create profiles reflecting consumer preferences and attitudes.

Effective January 2020, it will be the strictest data privacy law in the United States, enforced by California Attorney General Office’s estimated 57 full time staffs, with fines up to $750.00 per record breached. To comply on the effective date, businesses will need to start record-keeping no later than Jan. 1, 2019, and likely will need to complete data mapping 12 months prior to that.

Some of the significant provisions include liability and private right of action. The act expressly provides for a private right of action for certain data breaches. Before a private right of action can commence, a consumer must provide a business with 30 business days’ notice and an opportunity to cure.

California is the first state to introduce legislation on data breach notifications, it is likely to find many states following on CCPA’s consumer privacy initiative. CCPA provides consumers a private right of action “in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non encrypted or non-redacted personal information.” It also shares privacy protection principals of GDPR where user agreement is based on opting in; CCPA (AB 375) is about opting out of the sale of personal data, the right to know if it’s being shared, breached, and right to request the deletion.

To Whom It May Concern
This law applies to those California companies with revenue over $25 Million, those who receive or collect 50,000 records per year (in IP addresses) or companies where the selling of data represents 50% of their annual revenues.

The 50,000 records threshold will be quickly met by companies that accept credit cards and or run websites, as each unique card collected and site visitor IP address will count toward that number, which works out to be an average of 138 such data points a day. As the privacy movement seeks to give consumers greater control over their data, its impact is being factored into all IT security reviews.

The MessageSolution Advanced eDiscovery Platform provides a compliant framework over email and network file and SharePoint servers that identifies and manages risk, responds to information requests, and provides case management support where necessary. In addition, the Platform redacts sensitive information and protects businesses from outbound data breaches via email.

Policy for Content Archiving and Searching of Sensitive Data
The MessageSolution Advanced eDiscovery Platform provides a compliant framework over email and network file and SharePoint servers that identifies and manages risk, responds to information requests, and provides case management support where necessary. In addition, the Platform redacts sensitive information and protects businesses from outbound data breaches via email.

Email DLP Blocks Breach of sensitive data at the Gateway

With MessageSolution, companies can both be ensured that sensitive data are processed securely and proactively detected to prevent accidental and malicious sends. This helps companies comply with regulation AB 375 and prevent violations in the future.

Summary Review for Personal Data Search Requests

 • Provide proximity and context to customer data within emails, file servers, SharePoint sites
 • Discover sensitive PII data within email systems when necessary
 • Automatically classify and label sensitive email data to be blocked at the email gateway
 • Alert Privacy Officers to potential mis-addressed emails to proactively prevent data breaches before they happen
 • Enable secure sharing of sensitive emails and attachments both internally and externally, utilizing policy-based redaction
 • Provide detailed reports to prove that sensitive data is being protected as it is shared and stored
 • Detect data breaches in real time including built-in reporting for notifying administrators Privacy Officers
 • Integrate with Microsoft Office 365 and Google G-Suite, as well as other hosted, on-premise and hybrid email platforms such as
  Exchange, IBM Domino and GroupWise etc.