The California Consumer Privacy Act (CCPA) regulates how businesses handle the personal information (PI) of California residents. CCPA applies to any for-profit businesses in the world selling the personal information of more than 50,000 California residents annually, deriving more than 50 percent of annual revenue from such information or with an annual gross revenue exceeding $25 million.
According to CCPA, personal information includes name, email address, biometric data, IP address, Internet of Things information, geolocation data, professional or employment information, and other information. CCPA does not consider publicly available information to be personal information.
Compliance with CCPA requires:
Updating how, why and what personal information is collected and processed.
Updating how users can request access, change, or erase the personal data collected.
Introducing a method for verifying the identity of anyone making such requests.
Introducing a “Do Not Sell My Personal Information” link on your home page.
Obtaining prior consent from minors 13-16 years old before selling their personal data, or from their parents for those under 13.
Failure to comply with CCPA risks huge fines, of up to $7500 per violation in case of a data breach.
Centraleyes delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the CCPA framework for companies protecting their customers PI. Centraleyes has mapped CCPA back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the Centraleyes platform organizations can gain full visibility to their cyber risk levels and compliance.