cfo-as logo
Story image

California's CCPA now enforced worldwide

31 Aug 2020

Any company that does business with the United States state of California must follow the California Consumer Protection Act (CCPA). The Act, which came into effect on 1 January 2020, only entered official enforcement on 1 July.

The Act, which protects data belonging to consumers within California, is the first law of its kind within the United States – but it also has global scope. 

The Act includes new rights to privacy, including:

  • The right to know about the personal information a business collects about them and how it is used and shared;
  • The right to delete personal information collected from them (with some exceptions);
  • The right to opt-out of the sale of their personal information; and
  • The right to non-discrimination for exercising their CCPA rights.

All businesses that deal with consumers in California must comply with the CCPA and must explain their privacy practices.

For example, businesses must comply with a ‘notice at collection’, which must show what personal information they collect about consumers, for what purposes that information is used.

Further, if a business sells consumer data, the notice at collection must include a do not sell link.  Businesses cannot force consumers to waive their rights.

Australian companies employ more than 15,000 Californian residents across 83 different industries, according to IT association ISACA.

“The expansive reach of the CCPA and scope of data it covers can make compliance feel daunting to many,” comments ISACA Privacy Group member David Bowden.

To help educate businesses about the CCPA, global technology firm ISACA prepared an audit program and whitepaper designed for audit and privacy professionals.

The audit program helps professionals to discover how effective their practices are, as well as ongoing CCPA compliance management. ISACA also provides guidance for dealing with data breaches and security incidents.

“Having a comprehensive audit program is an incredibly valuable tool for guiding through these intricacies, avoiding repercussions and assuring compliance,” adds Bowden.
ISACA states, “By following the detailed testing steps outlined in the accompanying program spreadsheet, auditors can help organisations mitigate business impacts through three key elements:

  • Strong data classification supporting identification and location of consumer data
  • Consistent private data methodology ensuring that third-party vendor handling of
  • private data mirrors that of the entity
  • Agile project management and solid change management programs

To provide additional context, ISACA has also published Privacy: Beyond Compliance, a white paper that explores the current state of privacy as it relates to compliance, ethics and humanity.

Story image
Seagate rolls out 18TB helium-based Exos-X18 enterprise drives
Seagate is now shipping the 18 terabyte (TB) helium-based enterprise drive, which is a new additions to Seagate’s Exos-X18 family.More
Link image
<span class="coloured">Unleash the intelligent way to automate at Pega Discover – Intelligent Automation</span>
Find out how the world’s largest brands are accelerating business and simplifying systems in this two-hour, interactive virtual event. By the end you’ll be primed to start getting business done smarter and faster while scaling toward your biggest business goals. Register Now.More
Story image
AI in the finance sector - and how it will revolutionise banking
With the bar to success set so much higher amid lockdowns, innovation is almost essential, and one of the clearest paths to innovating a business model is through AI.More
Story image
What’s next for low-code/no-code?
Low- and no-code platforms are the next technological leap powering the next stage of the workplace evolution, writes SnapLogic field chief technology officer Brad Drysdale.More
Story image
Fintech innovation set to play huge role in cloud computing market, study finds
"The integration of cloud computing into banking solutions is anticipated to play a crucial role in transforming the banking sector in the forthcoming years.”More
Story image
VMware backs Microsoft's Azure Spring Cloud for developers
Microsoft Azure Spring Cloud is putting developers at the centre of the action, with the belief that more productive developers lead to more functionality, and happier customers.More