
CCPA

Last year, the State of California passed a crucial privacy law that gives consumers far more control over their data. The act gives residents the right to control what information companies collect about them and how that information is used. The CCPA came into effect on January 1, 2020, and it gives state residents new tools for shielding their online personal information, which places considerably more responsibility on businesses.
The CCPA passed in 2019 and is considered one of the most comprehensive pieces of privacy legislation enacted in the US, according to the American Bar Association (ABA). Under this legislation, California residents can require companies to reveal what information is collected about them and can request a copy of that information. SEC. 3. Title 1.81.5 (commencing with Section 1798.100) is added to Part 4 of Division 3 of the Civil Code.

Additionally, companies can be required to delete a consumer's data upon request, and they are forbidden from selling it if the customer clicks the "do not sell" button on the company website. Consumers receive equal service and price whether or not they exercise their privacy rights; companies are not allowed to treat a user differently because they have requested access to their personal data.
AARC-360 will perform an initial gap analysis to assess the organization's compliance with the individual CCPA sections.
A Certified Data Protection Officer (CDPO) from AARC-360 will guide the organization in closing the gaps by formulating the required policies and procedures.
AARC-360 will help the organization perform a Data Protection Impact Analysis (DPIA) using an eGRC tool. Consultants will analyze the organization's application to define the data model and process model and to identify the impacted data elements and processes.

AARC-360 will also assess the risks arising from gaps in compliance and will help the organization mitigate those risks using an eGRC tool.
Finally, AARC-360, through its relationship with PECB, will get the organization certified in ISO 27001/27701.

Other Compliance Solutions

We will evaluate the organization’s incident response and breach reporting procedures against the HITECH requirements.

AARC-360 issues a Findings and Recommendations report that contains details of the procedures performed, the tested controls, the implementation status, the gaps identified, and guidance for remediation, corrective action and/or improvement of controls.

We will assist you by performing an attestation engagement to determine your organization’s compliance with the MARS-E requirements.

AARC-360 has highly qualified resources certified in ISO 27001, BS 10012, and ISO 27701 and can provide comprehensive consulting services that help organizations comply with GDPR requirements.

Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities, provides detailed audit requirements.

The GLBA of 1999 requires financial institutions – companies that offer consumers financial products or services – to explain their information-sharing practices to their customers and to safeguard sensitive data.
