The California Consumer Privacy Act of 2018 (CCPA), one of the toughest data privacy laws in the U.S. was passed in June of 2018, immediately followed the implementation of Europe’s Global Data Protection Regulation (GDPR) in May 2018. The CCPA took effect on January 1, 2020.
The CCPA focuses on providing Californian consumers’ the right to know, control and delete personal data that have been collected by businesses. It includes consumers’ profiles, personal information collected, sources of that
information, personal information sold and or disclosed, and third parties with whom the information is disclosed or sold to.
• Internet activity (browsing and search history and interactions with advertisements)
• Inferences drawn from personal information to create profiles reflecting consumer preferences and attitudes.
Effective January 2020, CCPA is the strictest data privacy law in the United States, enforced by California Attorney General Office’s estimated 57 full time staffs, with fines up to $750.00 per record breached. In compliance with CCPA regulations, businesses must keep records beginning Jan. 1, 2019 and complete data mapping 12 months prior to that.
Some of the significant provisions include liability and private right of action. The act expressly provides for a private right of action for certain data breaches. Before a private right of action can commence, a consumer must provide a business with 30 business days’ notice and an opportunity to cure.
California is the first state to introduce legislation on data breach notifications, it is likely to find many states following on CCPA’s consumer privacy initiative. CCPA provides consumers a private right of action “in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non encrypted or non-redacted personal information.” It also shares privacy protection principals of GDPR where user agreement is based on opting in; CCPA (AB 375) is about opting out of the sale of personal data, the right to know if it’s being shared, breached, and right to request the deletion.
With MessageSolution, companies can both be ensured that sensitive data are processed securely and proactively detected to prevent accidental and malicious sends. This helps companies comply with regulation AB 375 and prevent violations in the future.
• Provide proximity and context to customer data within emails, file servers, SharePoint sites
• Discover sensitive PII data within email systems when necessary
• Automatically classify and label sensitive email data to be blocked at the email gateway
• Alert Privacy Officers to potential mis-addressed emails to proactively prevent data breaches before they happen
• Enable secure sharing of sensitive emails and attachments both internally and externally, utilizing policy-based redaction
• Provide detailed reports to prove that sensitive data is being protected as it is shared and stored
• Detect data breaches in real time including built-in reporting for notifying administrators Privacy Officers
• Integrate with Microsoft Office 365 and Google G-Suite, as well as other hosted, on-premise and hybrid email platforms such as
Exchange, IBM Domino and GroupWise etc.