The California Consumer Privacy Act (CCPA) is a California state regulation intended to protect consumers and enhance their privacy rights. The bill, officially called AB-375, was signed into law in 2018 and has been amended several times. The largest batch of amendments, in the form of the California Privacy Rights Act, became law in 2019.
As outlined by the CCPA fact sheet provided by the California State Government, the CCPA grants new rights to California consumers, including:
Personal information is any “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, license plate number, passport number, or other similar identifiers.”
Publicly available information is not considered personal information.
Although the CCPA applies only to California residents, from a practical standpoint most large businesses need to comply with it in order to easily do business in America. The aforementioned fact sheet outlines which kinds of businesses need to adhere to the regulation:
The CCPA applies to any business where one of the following is true:
Overseas businesses that meet those requirements are also liable if they ship items into California.
The CCPA bill outlines the compliance requirements. In order to achieve compliance, businesses must do the following:
There are some other provisions of the bill that should be taken into consideration:
The CCPA bill outlines the following sanctions, penalties, and remedies that may be imposed for CCPA violations:
Key differences between GDPR and CCPA
The European General Data Protection Regulation (GDPR) is similar to the CCPA, but there are some key differences. This article outlines some of the main differences. Among the most notable:
Saviynt’s cloud-native, automated, and centralized governance and compliance platform includes real-time risk dashboards, SaaS-based SoD analysis, and reporting mapped to CCPA, SOX, PCI, FedRAMP, HIPAA, and more.
Accelerate Compliance Program Maturity
Standardize User Access
Scale Compliance with Risk Controls
Monitor Controls Continuously
Continuously Document Compliance Activities
Integrate with Behavior and Monitoring solutions
Saviynt’s built-in Risk Control Library and Unified Controls Framework leverage intelligent analytics to continuously monitor for anomalous access, enabling assured compliance-as-a-service. A continuous controls monitoring solution keeps an eye on risk-based access controls to meet stringent compliance mandates.
The Control Exchange accelerates compliance program maturity with its out-of-the-box control repository and a Unified Controls Framework cross-mapped across business-critical regulations, industry standards, platforms, and control types.
Additionally, the following compliance programs apply to Saviynt cloud services and maintain our customers' confidence in the information security that we provide.
SOC 1 Type II Audit Report
SOC 2 Type II Audit Report