The new California Consumer Privacy Act (CCPA) has officially taken effect on January 1, 2020 and it covers a much broader set of information than other regulations, including GDPR. If your organization collects data on people who live in California, are not explicitly excluded, and meet any of these criteria, then you must meet CCPA requirements:
You can view the bill here and some additional background here from the State of California’s Attorney General’s office, but it is important to know that the law covers data collected from January 1, 2019 going forward. It is likely that the CCPA is amended for clarification in 2020, but not to make it any less restrictive.
The CCPA grants consumers significant data collection rights and covers a broad amount of personal information not covered under GDPR and other regulations. The current information that is protected includes the following. Please refer to the legislature for any updates:
Penalties start at $2,500 per violation, and can increase to $7,500 if you are found to be “intentionally” in violation. But the biggest takeaway is that individuals also have the right to bring direct legal action against an organization for violations, even if there isn’t a breach.
Unlike other regulations like GDPR, the CCPA is clear on the need for encryption:
“The bill would provide for its enforcement by the Attorney General, as specified, and would provide a private right of action in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s nonencrypted or nonredacted personal information, as defined.”
If unencrypted and sensitive data is disclosed, lost, or stolen, it’s firm evidence that your organization is in violation of its duty to instill reasonable security practices to protect that information. Organizations can avoid the risk of direct or class action litigation related to CCPA violations by having a strong security posture and encrypting sensitive data.
Zettaset provides a simple path to encryption that has a negligible effect on performance, and adds no complexity to your existing environments.
Zettaset products can provide the necessary level of CCPA compliance without having to implement and overlay a complex solution that will impact your business operations. That’s because Zettaset XCrypt™ encryption solutions are designed to function with near-zero latency to support the most demanding deployment requirements across physical, virtual, and cloud infrastructures.
Learn more about Zettaset’s XCrypt products by visiting our product pages:
For more information, please contact us at sales@zettaset.com. You can also demo XCrypt today by filling out this form.
*Please note that none of this should be taken as legal advice. Please consult with a proper authority before making any assumptions on whether or not your organization is required to meet CCPA requirements.