Is Your Business Prepared for the California Consumer Privacy Act?

The new California law presents a tough but sometimes ambiguous standard for data privacy - here’s how to stay compliant by partnering with an award-winning technology partner.

May 13, 2020Manhattan Tech Support

SecurityBusiness IntelligenceCloud ServicesIT Consulting & StrategySoftware DevelopmentTech Support & Managed IT ServicesTelecommunicationsFinanceConstructionEducationHealthcareLegalReal Estate

At the end of last year, California passed the California Consumer Privacy Act (CCPA), a landmark piece of legislation that defines a new standard for an individual’s data rights. The law provides three major forms of protection for consumers:

This photo shows how the CCPA law provides three major forms of protection for consumers

  • Right to access
    The right to know what personal information a business holds on an individual, including which information was collected, whom it was shared with, and to whom it was sold.
  • Right to deletion
    Under CCPA, consumers have the right to request that a company delete their personal information
  • Right to opt-out
    Individuals can stipulate that they don’t want their data sold to third parties.

Until the passage of CCPA, the United States has had comparatively lax data privacy standards, especially compared to Europe, which last year passed the comprehensive General Data Protection Regulation (GDPR).

Who Needs to Comply with CCPA?

California is the world’s fifth-largest economy, home to a high concentration of leading technology companies, like Google, Apple, Facebook and others. Much like GDPR, CCPA extends to well beyond the physical boundaries of the state and applies to anyone who “does business with the State of California.”

Businesses that fall into any of these categories have compliance exposure to CCPA:

  • Those that have $25 million in annual revenue
  • Companies of any size that have personal data of at least 50,000 people
  • Companies the collect more than half of their revenues from the sale of personal data

Any business that falls into these categories without being CCPA compliant faces civil penalties of up to $2,500 per violation, or $7,500 for each “intentional” violation. Additionally, there are penalties if consumer data is ever breached, ranging from $150 to $750 per violation. In the case of a large-scale data breach, these penalties could quickly add up to an enormous fine for your business.

The financial penalties associated with CCPA non-compliance demand an urgent, decisive response.   

According to research, only 55% of companies plan to be ready for CCPA implementation by January 2020. That same research shows that the number one reason that businesses aren’t prepared for CCPA compliance is a lack of time.

What Data Should You Protect to be Fully CCPA Compliant?

One of the factors that make CCPA compliance such a challenge is that it outlines a very broad view of what constitutes personal information, broader even than the GDPR, which is still giving businesses trouble almost a full year after being passed. According to the CCPA text:

“Personal information is data that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

The legislators chose the word “household” intentionally. It was designed to prevent businesses from circumventing the law by claiming it isn’t collecting information about an individual while collecting information about someone else who’s using the same computer.

Individuals who are protected by CCPA have several explicit rights in terms of privacy.

  • To know what data is being collected about them for 12 months after it’s collected
  • Opt-out of having their personal information sold to a third party
  • Obtain a copy of personal information in a clearly understandable format
  • Sue for damages if personal information is shared without consent

Manhattan Tech Support Has Clear Processes for Robust CCPA Compliance

To ensure this rigorous protection of data, and stay on the right side of CCPA regulators, Manhattan Tech Support and its cybersecurity division Kaytuso developed customized solutions that greatly reduce the complexity and stress surrounding strong compliance.

Below are just a few key elements of our CCPA solutions:

Building a Comprehensive Data Inventory for Clarity and Transparency

One of the first and most important steps toward building a CCPA-compliant data privacy program is to create a comprehensive inventory of the personal data in your organization, including how it’s shared, processed by your systems, and stored. This record, called a data inventory, isn’t a static list; it’s a living record of how your business processes and data interact.

Here’s how we help companies map their data inventories

This photo describes how we help companies map their data inventories

Procedures for Quickly Addressing Customer Requests

Under CCPA, a consumer has a legal right to request their personal data from your business and receive it in an easily intelligible format within 45 days. Because customer data is stored across many different systems and tools within your businesses, you’ll need an entirely new set of technical processes for ensuring that your team can retrieve that data quickly.

We help business configure their systems to handle the full range of consumer data requests

  • Accepting and managing customer requests
  • Verifying the identity of requesters
  • Properly categorizing “know” and “delete” requests
  • Procedures for handling data opt-out and opt-in

Strengthen Your Overall Data Security

CCPA requires that each business that falls into one of the above-mentioned categories have “reasonable security” in place to protect consumer information. The ambiguity of the term “reasonable” has been discussed in regulatory circles for decades, but in CCPA, it should be interpreted as providing:

  • Protections that are common throughout your industry
  • Continuous vulnerability management
  • Secure configuration of hardware and software, including mobile devices, laptops, and servers
  • Strong vendor management processes

To help businesses remove as much ambiguity as possible from CCPA, Manhattan Tech Support and its cybersecurity division Kaytuso, use frameworks like the National Institute for Standards and Technology (NIST) Cybersecurity Framework and the Center for Internet Security’s Top 20 Critical Security Controls (CSC 20), both of which are recognized guidelines in assessing and mitigating cybersecurity risk.

An Award-Winning Partner With Over 20 Years of Compliance Expertise

CCPA is landmark legislation for data privacy here in the United States, but it may just be the beginning. There are six other states with privacy laws currently in place and six more that could create their own data privacy legislation by 2020, including Washington, Illinois, Oregon, and Texas.

If you’re a business that needs expert advice on how to best address the new raft of data privacy legislation like CCPA, we’d be happy to help. Our seasoned experts have over 20 years of experience providing businesses with best-in-class compliance solutions and would love to answer your questions about CCPA or any other compliance standard you’re facing.

Contact us any time at 212-299-7673 or !


Kaytuso – the cybersecurity & regulatory compliance division of LLC.

Exceed Digital – the custom software development and business intelligence solutions division of LLC

Related Articles

AI trends in IT management

calendar March 22, 2023

author Manhattan Tech Support

Artificial Intelligence Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

AI trends in IT management

AI is on everyone’s minds these days. ChatGPT3 and OpenAi have brought what’s possible to the mainstream in a way we haven’t seen outside of movies before. If you’ve spent any time following the trends online, there’s a lot of

Read More
Best Microsoft 365 features for 2023

calendar March 15, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services IT Consulting & Strategy Software Development Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Best Microsoft 365 features for 2023

Microsoft’s office suite (now called Microsoft 365) has come a long way from its early days as a word processor and spreadsheet platform. These days, Microsoft 365 is a powerhouse of productivity tools that handle everything from word processing to

Read More
Digital Trust – what is it and how does it affect your business

calendar March 8, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Security Tech Support & Managed IT Services Telecommunications Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Digital Trust – what is it and how does it affect your business

It seems we hear new stories about cybercrime every day. The stories range from huge ransomware attacks on hospitals to city infrastructure being compromised. It might seem like this isn’t something that you and your business need to worry about,

Read More