Compliance

California Consumer Privacy Act (CCPA)

Last year, the State of California passed a crucial privacy law which gives consumers a lot more control of their data. This act gives residents all the rights to control what information companies obtain on them and how that information is used. The CCPA just came into effect on January 1, 2020, and it provides state residents with new tools of shielding their online personal information, hence, saddling businesses with a lot more responsibility.

The CCPA passed in 2019, and is considered to be one of the most comprehensive privacy legislations to be enacted in the US, according to the American Bar Association (ABA). Under this new legislation, residents of California are able to demand companies to reveal what information is obtained on them as well as the possibility of requesting a copy of that information. SEC. 3. Title 1.81.5 (commencing with Section 1798.100) is added to Part 4 of Division 3 of the Civil Code.

Additionally, companies can be forced to also delete their consumer’s data upon request and they are forbidden from selling it, if the customer clicks the “do not sell” button on their company website. This will not have an effect on receiving equal service and price whether they exercise their privacy rights or not. Thus, companies are not allowed to treat a user differently because they have requested to have access to their personal data.

AARC-360 will perform an initial gap analysis to identify the compliance of the organization with respect to CCPA sections.

A Certified Data Protection Officer (CDPO) from AARC-360 will guide the organization to meet the gaps by formulating the required policies and procedures.

AARC-360 will help the organization in performing Data Protection Impact Analysis (DPIA) using eGRC tool. Consultants will analyze the organization’s application to define the data model and process model to identify the impacted data elements and processes.

AARC-360 will also assess the risks arising from gap in the compliance and will help the organization in mitigating the risk using eGRC tool.

Finally, AARC-360 through their relationship with PECB will get the organization certified in ISO 27001/ 27701.