With advancement of digital technologies and increased digitization of businesses, value of data has increased manifold. There has been an explosion of data in terms of its variety, velocity and volume which is in turn leading to more number of data breach incidents affecting customer trust and long term losses in terms of customer loyalty. This has made data privacy and security critical for businesses to succeed in a data first digital native world.
With a focus on data privacy and security, CCPA has been enacted to provide more control to California residents with respect to collection and usage of their personal information.
The Act will be effective from 1st January 2020.
Protect consumers' right to tell a business not to share or sell their personal information.
Gain control over the personal information that is collected about consumers.
Hold businesses responsible for safeguarding consumers' personal information.
CCPA provides consumers with more control by providing them with following rights:
Right to know
Right to deletion
Right to access
Right to opt-out
Right to equal service
Business that collects consumers' personally identifiable information from residents of California and satisfies one or more of the following:
in excess of $25,000,000
of 50,000 or more consumers, devices or households
from selling consumers' personal information
For a single incident involving 10,000 consumers, businesses could be penalized up to an exorbitant $7.5 million
Based on the CCPA requirements, Infosys has identified the key focus areas that an organization needs to evaluate in order to understand their level of readiness towards CCPA compliance.
Opt-in & Opt-out Service
Rights of Consumers
Data Management & Governance
Data Security and Protection
With CCPA coming into effect from 1 January 2020, organizations need to relook at their current data practices. Addressing CCPA requirements demands a heightened sense of purpose and drive from organizations coupled with a well-orchestrated roadmap and a change management plan.
Infosys believes that to drive a CCPA program, an organization needs to adopt an integrated and harmonized implementation model across the enterprise. To that effect, Infosys has developed solution frameworks, toolkits, questionnaires, and accelerators.
Infosys uses ADAM Framework - Assess, Define, Administer and Manage, to make organizations CCPA ready. The ADAM framework takes a structured and exhaustive view of the CCPA requirements and addresses each one of them by using a phased and modular approach. Some of the key components of the framework are "As-Is" assessment and gap analysis, Privacy by Design, Information Life Cycle Management, Organizational set up & readiness, Technology solutions and implementations to address the various rights enshrined under CCPA. The ADAM framework is supported by a business reference architecture and a rich and diverse set of templates and accelerators.
Infosys offers an end-to-end solution comprising of assessment, implementation and monitoring to assist organizations on their CCPA journey. Our offerings encompass the whole gamut of data privacy principles including people, process and technology aspects of CCPA compliance journey.
Point of View