How To Get And Stay Compliant With The New California Consumer Privacy Act (CCPA):



GettyImages-1131275067California's new AB 375 privacy law is not as bad as GDPR, but the details are still in flux. CCPA does not have some of GDPR's most scary requirements like the very short 72-hour window in which an organization must report a data breach but in other areas it goes even further than GDPR. So, how do you get and stay compliant? CSO Online has a good executive summary:

What is the CCPA?

AB 375 allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.

Which companies does the CCPA affect?

All companies that serve California residents and have at least $25 million in annual revenue must comply with the law. In addition, companies of any size that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data, also fall under the law. Companies don't have to be based in California or have a physical presence there to fall under the law. They don't even have to be based in the United States.

An amendment made in April exempts “insurance institutions, agents, and support organizations” as they are already subject to similar regulations under California’s Insurance Information and Privacy Protection Act (IIPPA).

When does my company need to comply with the CCPA?

The law went into effect on January 1, 2020, but enforcement began on July 1.

What happens if my company is not in compliance with the CCPA?

Companies have 30 days to comply with the law once regulators notify them of a violation. If the issue isn't resolved, there's a fine of up to $7,500 per record. "If you think about how many records are affected in a breach, it really increases very quickly," says Debra Farber, senior director for privacy strategy at BigID. Since the bill was put together and passed in just a week, it will probably see some amendments, she adds. "Things like the fine amounts are likely to change."


Request A Demo: Compliance Plus

Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

CMP-Collage-LCompliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/compliance-plus-demo

Topics: Compliance



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews