Organization hasn't started evaluation

Evaluate data, process and technology landscape Perform gap analysis and compliance assessment Enterprise capabilities: data discovery, lineage, quality etc Develop roadmap for transition and compliance

Evaluation is completed - Define and Design

Define and design data governance framework Develop revised architecture and IT infrastructure plan Draft data policies Refine personal data reporting and its processes Design privacy incident management solution

Administer and implement changes

Deploy CCPA solution comprising of consumer interaction services, breach and incident management, access management etc Implement data security measures Realign operations based on CCPA requirements Apply validation services

Monitor and Secure the revamped system

Supervise and take remedial measures Perform risk assessment Change management Breach monitoring Dashboard and reporting

Achieve Compliance with the California Consumer Privacy Act

Overview

With advancement of digital technologies and increased digitization of businesses, value of data has increased manifold. There has been an explosion of data in terms of its variety, velocity and volume which is in turn leading to more number of data breach incidents affecting customer trust and long term losses in terms of customer loyalty. This has made data privacy and security critical for businesses to succeed in a data first digital native world.

With a focus on data privacy and security, CCPA has been enacted to provide more control to California residents with respect to collection and usage of their personal information.

The Act will be effective from 1^st January 2020.

Gives Consumers Rights

Protect consumers' right to tell a business not to share or sell their personal information.

Gives Consumers Control

Gain control over the personal information that is collected about consumers.

Gives Consumers Security

Hold businesses responsible for safeguarding consumers' personal information.

CCPA provides consumers with more control by providing them with following rights:

Right to know

Right to deletion

Right to access

Right to opt-out

Right to equal service

Who does it apply to?

Business that collects consumers' personally identifiable information from residents of California and satisfies one or more of the following:

Annual Gross Revenue

in excess of $25,000,000

Interact with the personal information

of 50,000 or more consumers, devices or households

Derives 50 % or more of its annual revenues

from selling consumers' personal information

What are the fines for non-compliance?

Penalty of up to $750 per incident per consumer or actual damages, whichever is greater
State attorney general can sue for intentional violations of privacy for up to $7,500 each

For a single incident involving 10,000 consumers, businesses could be penalized up to an exorbitant $7.5 million

Key Focus Areas with respect to CCPA

Based on the CCPA requirements, Infosys has identified the key focus areas that an organization needs to evaluate in order to understand their level of readiness towards CCPA compliance.

Scope

Data Monetization

Opt-in & Opt-out Service

Privacy Policy and Internal Training

Rights of Consumers

Data Management & Governance

Data Transfer

Data Security and Protection

Know your CCPA Readiness with Quick Assessment Tool

Start the quick assessment

How Infosys can help?

With CCPA coming into effect from 1 January 2020, organizations need to relook at their current data practices. Addressing CCPA requirements demands a heightened sense of purpose and drive from organizations coupled with a well-orchestrated roadmap and a change management plan.

Infosys believes that to drive a CCPA program, an organization needs to adopt an integrated and harmonized implementation model across the enterprise. To that effect, Infosys has developed solution frameworks, toolkits, questionnaires, and accelerators.

Infosys uses ADAM Framework - Assess, Define, Administer and Manage, to make organizations CCPA ready. The ADAM framework takes a structured and exhaustive view of the CCPA requirements and addresses each one of them by using a phased and modular approach. Some of the key components of the framework are "As-Is" assessment and gap analysis, Privacy by Design, Information Life Cycle Management, Organizational set up & readiness, Technology solutions and implementations to address the various rights enshrined under CCPA. The ADAM framework is supported by a business reference architecture and a rich and diverse set of templates and accelerators.

Infosys Offerings

Infosys offers an end-to-end solution comprising of assessment, implementation and monitoring to assist organizations on their CCPA journey. Our offerings encompass the whole gamut of data privacy principles including people, process and technology aspects of CCPA compliance journey.

Infosys CCPA compliance services covering assessment, implementation, monitoring

Challenges & Solutions

Evaluate data, process and technology landscape
Perform gap analysis and compliance assessment
Enterprise capabilities: data discovery, lineage, quality etc
Develop roadmap for transition and compliance

Define and design data governance framework
Develop revised architecture and IT infrastructure plan
Draft data policies
Refine personal data reporting and its processes
Design privacy incident management solution

Deploy CCPA solution comprising of consumer interaction services, breach and incident management, access management etc
Implement data security measures
Realign operations based on CCPA requirements
Apply validation services