Ensure your organization is prepared

Meet the stringent requirements of the CCPA with Zettaset

Is your organization required to meet CCPA requirements?

The new California Consumer Privacy Act (CCPA) officially took effect on January 1, 2020, and it covers a much broader set of information than other regulations, including GDPR. If your organization collects data on people who live in California, is not explicitly excluded, and meets any of these criteria, then you must meet CCPA requirements:

  • You have over $25 million in annual revenue
  • You collect information on 50,000 or more people
  • You derive 50% or more of your revenue selling personal information to third parties

You can view the bill here and some additional background here from the State of California’s Attorney General’s office, but it is important to know that the law covers data collected from January 1, 2019 going forward. It is likely that the CCPA will be amended for clarification in 2020, but not to make it any less restrictive.

What information does the CCPA cover?

The CCPA grants consumers significant data collection rights and covers a broad range of personal information not covered under GDPR and other regulations. The information currently protected includes the following. Please refer to the legislature for any updates:

  • Identifiers such as real name, alias, postal address, email address, etc.
  • Personal and commercial behaviors, as well as inferences from them
  • Characteristics protected under California or federal law
  • Commercial information including purchase records or consumer tendencies
  • Biometric information or geolocation data
  • Internet or other network activity such as browsing history, etc.
  • Professional, educational or employment-related information
  • Inferences drawn from any of these

Penalties start at $2,500 per violation, and can increase to $7,500 if you are found to be “intentionally” in violation. But the biggest takeaway is that individuals also have the right to bring direct legal action against an organization for violations, even if there isn’t a breach.

Is my organization required to encrypt sensitive data?

Unlike other regulations like GDPR, the CCPA is clear on the need for encryption:

“The bill would provide for its enforcement by the Attorney General, as specified, and would provide a private right of action in connection with certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s nonencrypted or nonredacted personal information, as defined.”

If unencrypted and sensitive data is disclosed, lost, or stolen, it’s firm evidence that your organization is in violation of its duty to implement reasonable security practices to protect that information. Organizations can avoid the risk of direct or class action litigation related to CCPA violations by having a strong security posture and encrypting sensitive data.

Zettaset provides a simple path to encryption that has a negligible effect on performance, and adds no complexity to your existing environments.

Zettaset can help you meet CCPA requirements with software-defined encryption

Zettaset products can provide the necessary level of CCPA compliance without having to implement and overlay a complex solution that will impact your business operations. That’s because Zettaset XCrypt™ encryption solutions are designed to function with near-zero latency to support the most demanding deployment requirements across physical, virtual, and cloud infrastructures.

  • They work with your existing hardware and require no specialized encryption expertise
  • They are high-performance, infinitely scalable, low latency, and budget-friendly
  • They are software-based for simple, fast, automated deployment with no proprietary appliances needed

Learn more about Zettaset’s XCrypt products by visiting our product pages:

For more information, please contact us at sales@zettaset.com. You can also demo XCrypt today by filling out this form.

*Please note that none of this should be taken as legal advice. Please consult with a proper authority before making any assumptions on whether or not your organization is required to meet CCPA requirements.