Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • IT Management

    California Privacy Rights Act and Enterprise Data Management: Key Updates

    Organizations that abide by the original CCPA and the amended version of the law will create strong customer relationships built on respect for consumer privacy.

    By
    eWEEK EDITORS
    -
    March 30, 2022
    Share
    Facebook
    Twitter
    Linkedin
      compliance and security

      California took bold steps to protect consumer data in 2018 with the California Consumer Privacy Act (CCPA), the first U.S. data privacy regulation that promised strict oversight and severe financial risk for businesses. This landmark legislation increased awareness about the need to protect consumer data and the individual rights of a user. It took steps toward greater transparency by regulating how companies collect and use consumer data.

      California voters showed they were completely on board with the law by recently voting to create the California Privacy Protection Agency and expand the CCPA through the California Privacy Rights Act (CPRA), which will take effect on January 1, 2023.

      The new law broadens the existing CCPA definition of an individual’s sensitive data to include any information reasonably capable of being associated with a person. The new law also makes it easier for consumers to regulate the processing of sensitive information.

      What this means is that companies are forced, once again, to take stock of their data management and cybersecurity processes and create best practices. This includes regular assessments of data across its entire lifecycle to evaluate the value of that information to the organization and to determine whether it should be appropriately sanitized or stored securely.

      Also see: Best Data Analytics Tools 

      Far-Reaching Privacy Law

      There may be some confusion about CCPA compliance, but make no mistake, any business that meets certain criteria—no matter where it’s located—must comply with the law if it wants to do business in California. With a population of 39 million, the number one economy in the U.S., and a growth rate only exceeded by China, California is a highly desirable market for businesses around the world.

      Companies that must comply with the CCPA include those that operate for profit and that determine the purposes and means of data processing. Furthermore, they exceed at least one of the following three revenue/information processing thresholds:

      • Have annual gross revenues of $25 million (USD) or more.
      • Derives 50% or more of its annual revenue from selling or sharing California residents’ personal information.
      • Annually buys, sells, or shares the personal information of 100,000 or more California residents or households.

      Also see: Top Business Intelligence Software 

      Achieving CCPA Compliance Through Data Management Best Practices

      One goal of the expanded law is to create greater trust among consumers by assuring that their data will not be mishandled. To accomplish this, the CPRA expands upon the CCPA by setting limitations on the collection, storage, and usage of personal and sensitive data beyond a certain time frame that’s been agreed upon with the consumer.

      Some of the key changes to keep in mind include:

      • The collection, use, retention, and sharing of personal information must achieve the purposes for which the personal information was collected. This will require the regular assessment of data across its entire lifecycle to evaluate the value of the information to the organization and to determine whether it should be sanitized or securely stored.
      • A comprehensive audit trail of data across its lifecycle, from point of collection to sanitization, must be maintained. This will allow data to be accounted for in the unfortunate event of a data breach.
      • Consumers will have the right to correct inaccurate information and limit the use of sensitive personal information.
      • The new law also expands the right of access to cover information collected over a longer period of time and removes exceptions that allow businesses to refuse deletion requests.

      Chances are that all of the above will require companies to adapt their current processes and implement best-in-class data management practices.

      Also see: Data Mining Techniques 

      Better Enforcement, Stiffer Fines

      The consequences of non-compliance are stiff. The California Protection Agency in conjunction with the California Attorney’s Office will be empowered to bring both civil and administrative enforcement actions against any business suspected of violating the updated CCPA law, starting on July 1, 2023.

      Business owners found in violation of the CCPA could face administration fines of up to $2,500 for each violation and up to $7,500 for each intentional violation. Penalties for misuse of a child’s information are especially heavy. 

      Non-compliance related to processing a minor’s personal information, such as requiring opt-in consent from either the minor (if between 13 and 15 years of age) or their parent/guardian (if 12 or under), have tripled for negligent violations involving children aged 16 and under.

      Also see: Real Time Data Management Trends

      A Win for Consumers and Businesses

      The bottom line is that the CCPA is a good thing for consumers. The measures in the original CCPA, as well as requirements associated with the new and improved version, are meant to protect consumers’ personal data. Together they give consumers a high level of control over how their data is used and what it’s used for, including its monetization.

      Businesses benefit as well. Because the new CCPA will require many businesses to revise their data management and security practices, including how and when they implement regular sanitization as a preventative practice, they will reduce their threat attack surface and mitigate the risk of fines due to potential legal actions.

      With less than a year to prepare for the expanded CCPA regulations, businesses must move now to create new policies that meet California’s new mandates. Organizations that take the original CCPA and the amended version of the law seriously by adapting their data management processes, including data sanitization and cybersecurity protections, will stay out of the crosshairs of the CPRA. Additionally, they will create strong customer relationships built on mutual trust and respect for consumer privacy.

      Also see: Top Digital Transformation Companies

      About the Author: 

      Fredrik Forslund, VP of Cloud and Data Center Erasure, Blancco

      eWEEK EDITORS
      eWeek editors publish top thought leaders and leading experts in emerging technology across a wide variety of Enterprise B2B sectors. Our focus is providing actionable information for today’s technology decision makers.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×