Home »

Compliance Email and File System Archive EDiscovery Platform for CCPA 2020

Are You Ready for the California Consumer Privacy Act (CCPA 2020)?

The California Consumer Privacy Act of 2018 (CCPA), one of the toughest data privacy laws in the U.S. was passed in June of 2018, immediately followed the May 2018 implementation of Europe’s Global Data Protection Regulation (GDPR). The CCPA takes effect in January of 2020.

The CCPA focuses on providing Californian consumers’ the right to know, control and delete personal data that have been collected by businesses. It includes consumers’ profiles personal information collected, sources of that information, personal information sold and or disclosed, and third parties with whom the information is disclosed or sold.

Examples of Personal Identifiable information (PII):
   • Commercial information (records of products or services purchased, obtained or considered, and other consuming histories or
    tendencies)
  • Internet activity (browsing and search history and interactions with advertisements)
  • Inferences drawn from personal information to create profiles reflecting consumer preferences and attitudes.

Effective January 2020, it will be the strictest data privacy law in the United States, enforced by California attorney general office’s estimated 57 full time staffs, with fines up to $750.00 per record breached. Don't let the amount of $750.00 make you think it's insignificant, when Atterny General Office sends a bill with $500,000.00 penalty to the compliance officer in your organization, you'll quickly find out that your database "only" has 700 PII records leaked - like some organizations in the past received similar surprising bills from the government mounted up to millions of dollars penalty for compliance violations (eg HIPAA, FINRA etc). With CCPA, to comply on the effective date, businesses will need to start record-keeping no later than Jan. 1, 2019, and likely will need to complete data mapping 12 months prior to that.

Some of the significant provisions include liability and private right of action. The act expressly provides for a private right of action for certain data breaches. Before a private right of action can commence, a consumer must provide a business with 30 business days’ notice and an opportunity to cure.

California is the first state to introduce legislation on data breach notifications, it is likely to find many states following on CCPA’s consumer privacy initiative. CCPA provides consumers a private right of action “in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non encrypted or non-redacted personal information.” It also shares privacy protection principals of GDPR where user agreement is based on opting in; CCPA (AB 375) is about opting out of the sale of personal data, the right to know if it’s being shared, breached, and right to request the deletion.

To Whom It May Concern
This law applies to those California companies with revenue over $25 Million, those who receive or collect 50,000 records per year (in IP addresses) or companies where the selling of data represents 50% of their annual revenues.

The 50,000 records threshold will be quickly met by companies that accept credit cards and or run websites, as each unique card collected and site visitor IP address will count toward that number, which works out to be an average of 138 such data points a day. As the privacy movement seeks to give consumers greater control over their data, its impact is being factored into all IT security reviews.

The MessageSolution Advanced eDiscovery Platform provides a compliant framework over email and network file and SharePoint servers that identifies and manages risk, responds to information requests, and provides case management support when necessary. In addition, the Platform redacts sensitive information and protects businesses from outbound data breaches via email.

Policy for Content Archiving and Searching of Sensitive Data
The MessageSolution Advanced eDiscovery Platform provides a compliant framework over email and network file and SharePoint servers that identifies and manages risk, responds to information requests, and provides case management support where necessary. In addition, the Platform redacts sensitive information and protects businesses from outbound data breaches via email.

MSecurity SystemTM Email DLP blocks breach of sensitive data at the Gateway

With MessageSolution Compliance EMail-File Archive eDiscovery Platform with MSecurity SystemTM implemented, companies can be ensured that sensitive data are processed securely and data are being proactively detected to prevent from accidental and malicious sending outside of the network. This helps companies comply with CCPA regulation, prevent violations, protect corporate intellectual properties as well as the sensitive privacy information.

Summary Review for Personal Data Search Requests

 • Provide proximity and context to customer data within emails, file servers, SharePoint sites
 • Discover sensitive PII data within email systems and file servers or OneDrive cloud file systems when necessary
 • Automatically classify and label sensitive email data to be blocked at the email gateway
 • Alert privacy officers to potential mis-addressed emails to proactively prevent data breaches before they happen
 • Enable secure sharing of sensitive emails and attachments both internally and externally, utilizing policy-based redaction
 • Provide detailed reports to prove that sensitive data is being protected as it is shared and stored
 • Detect data breaches in real time including built-in reporting for notifying administrators and privacy officers
 • Integrate with Microsoft Office 365 and Google G-Suite, as well as other hosted, on-premise and hybrid email platforms such as
  Exchange, IBM Domino and GroupWise etc.

VERIFIED Seal