California Consumer Privacy Act 2018 (CCPA)


Overview

With the advancement of digital technologies and the increased digitization of businesses, the value of data has increased manifold. There has been an explosion of data in terms of its variety, velocity and volume, which in turn is leading to a growing number of data breach incidents that damage customer trust and cause long-term losses in customer loyalty. This has made data privacy and security critical for businesses to succeed in a data-first, digital-native world.

With a focus on data privacy and security, the CCPA has been enacted to give California residents more control over the collection and usage of their personal information.

The Act will be effective from 1st January 2020.

1. Gives Consumers Rights

Protect consumers' right to tell a business not to share or sell their personal information.

2. Gives Consumers Control

Gain control over the personal information that is collected about consumers.

3. Gives Consumers Security

Hold businesses responsible for safeguarding consumers' personal information.

The CCPA gives consumers more control by providing them with the following rights:

  • Right to know
  • Right to deletion
  • Right to access
  • Right to opt-out
  • Right to equal service

Who does it apply to?

A business that collects personally identifiable information from residents of California and satisfies one or more of the following:

  • Annual gross revenue in excess of $25,000,000
  • Interacts with the personal information of 50,000 or more consumers, devices or households
  • Derives 50% or more of its annual revenues from selling consumers' personal information

What are the fines for non-compliance?

  • Penalty of up to $750 per incident per consumer or actual damages, whichever is greater
  • State attorney general can sue for intentional violations of privacy for up to $7,500 each

For a single incident involving 10,000 consumers, businesses could be penalized up to an exorbitant $7.5 million.

Key Focus Areas with respect to CCPA

Based on the CCPA requirements, Infosys has identified the key focus areas that an organization needs to evaluate in order to understand its level of readiness for CCPA compliance.

  • Scope
  • Data Monetization
  • Opt-in & Opt-out Service
  • Privacy Policy and Internal Training
  • Rights of Consumers
  • Data Management & Governance
  • Data Transfer
  • Data Security and Protection


How can Infosys help?

With CCPA coming into effect from 1 January 2020, organizations need to re-examine their current data practices. Addressing CCPA requirements demands a heightened sense of purpose and drive from organizations, coupled with a well-orchestrated roadmap and a change management plan.

Infosys believes that to drive a CCPA program, an organization needs to adopt an integrated and harmonized implementation model across the enterprise. To that effect, Infosys has developed solution frameworks, toolkits, questionnaires, and accelerators.

Infosys uses the ADAM framework (Assess, Define, Administer and Manage) to make organizations CCPA-ready. The ADAM framework takes a structured and exhaustive view of the CCPA requirements and addresses each of them using a phased and modular approach. Some of the key components of the framework are "As-Is" assessment and gap analysis, Privacy by Design, Information Life Cycle Management, organizational setup and readiness, and technology solutions and implementations to address the various rights enshrined under CCPA. The ADAM framework is supported by a business reference architecture and a rich and diverse set of templates and accelerators.

Infosys Offerings

Infosys offers an end-to-end solution comprising assessment, implementation and monitoring to assist organizations on their CCPA journey. Our offerings encompass the whole gamut of data privacy principles, including the people, process and technology aspects of the CCPA compliance journey.

Our Offerings

Challenges & Solutions

  • Evaluate data, process and technology landscape
  • Perform gap analysis and compliance assessment
  • Enterprise capabilities: data discovery, lineage, quality etc.
  • Develop roadmap for transition and compliance
  • Define and design data governance framework
  • Develop revised architecture and IT infrastructure plan
  • Draft data policies
  • Refine personal data reporting and its processes
  • Design privacy incident management solution
  • Deploy a CCPA solution comprising consumer interaction services, breach and incident management, access management etc.
  • Implement data security measures
  • Realign operations based on CCPA requirements
  • Apply validation services
  • Supervise and take remedial measures
  • Perform risk assessment
  • Change management
  • Breach monitoring
  • Dashboard and reporting