'Most Innovative Startup 2020' by RSA - Watch the video

Learn More
Watch Demo

Blogs

Wall Street Journal Highlights How SECURITI.ai Can Help Companies Comply with CCPA and Data-Privacy Laws

Published on December 2, 2019 AUTHOR REHAN JALIL

With the CCPA just around the corner and all the regulations that come along with it, companies are scrambling to stay compliant. Failure to do so can lead to fines up to $7,500 per affected person which is not just a drop in the bucket when you are talking about millions of people whose personal information is stored and shared by a company. Even though automation is not mandatory, it will become virtually impossible for large enterprises to stay compliant without automation.

January 2020 will usher in more than a New Year, it will also trigger the enactment of the California Consumer Privacy Act impacting about 500,000 organizations.  As Patience Haggin outlines in her recent Wall Street Journal article, the CCPA “applies to any for-profit business that does business in California and collects data on California residents, as long as its annual revenue tops $25 million, or it holds personal information on at least 50,000 consumers, or it generates at least 50% of its annual revenue from selling user data.” This means that, whether or not you physically operate in the state of California, if your website serves the state’s residents, the new law applies to you as well.

The article, titled “Businesses Across the Board Scramble to Comply With California Data-Privacy Law,” comes as news to many. For us at SECURITI.ai, it’s further justification for the solution we provide, and the recognition is validating. Haggin explains how the CCPA will enable California residents to request retailers, restaurants, airlines, banks and many other companies to provide them with any personal information they may have, including individual contact information, purchases and loyalty-program history. Consumers are further empowered with the ability to request that businesses delete their data entirely, or opt out of letting them profit from it.

Haggin cites Gap Inc. as an example and includes quotes from Dan Koslofsky, associate general counsel for privacy and data security at Gap, discussing the massive undertaking that preparing for the CCPA presents to companies that haven’t previously been regulated -- i.e. anything other than healthcare or financial services.

According to the International Association of Privacy Professionals, there are over 500,000 U.S. businesses across across industries that will be required to comply when the CCPA takes effect. From food and beverage companies to retailers to health insurers, banks and airlines, there’s no industry that will go untouched by the new privacy laws.

As the amount of data we create has grown, no system to organize it has grown with it. Haggin writes, “few companies keep all their customer data in one place, and now many are scrambling to build tools to match up individuals’ data across disparate systems, such as directories, purchase histories and customer-service request logs.”

The upcoming change for businesses is significant, but not unprecedented. For instance, companies like Gap have already gone through similar compliance issues in Europe with the EU’s General Data Protection Regulation. The GDPR, which took effect last year, is similar in its scope of customer-data requirements.

According to a PricewaterhouseCoopers survey this past year, only 52% of businesses expect to be CCPA-compliant by January 2020. To illustrate the kinds of concerns businesses big and small are having, the WSJ quotes Jeff Savage, president of Sacramento’s minor league baseball River Cats, “I’m concerned about people falsely accusing us of having information on them when indeed we don’t. How do I prove to Joe Smith that I don’t have his info?”

The WSJ explains that businesses receiving data requests will be required to comply within 45 days or risk fines and litigation, and that “the law threatens steep damages in the event of a data breach—as high as $7,500 per affected person.”

Could the CCPA be a sign of things to come? The WSJ likens the law to another standard that began in California -- regulated auto emissions -- and many believe that the requirements of the CCPA may soon become the national standard. In other words, this is only the beginning for PrivacyOps.

Share this

Our Videos

universal consent thumbnail View More
02:37

Universal Consent & Preference Management

Universal Consent & Preference Management

Learn More
cookie consent management video thumbnail View More
01:53

Cookie Consent Management

Automate and manage the entire consent life cycle with efficiency for various cookie compliance regulations around the world.

Learn More
data intelligence thumbnail View More
3:06

Sensitive Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More
data mapping video thumbnail View More
3:11

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: Securiti

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More

Products

Solutions

Systems

Company

Resources

Terms

Get in touch

[email protected]
PO Box 13039,
Coyote CA 95013

Copyright © 2021 SECURITI.ai

Sitemap - XML Sitemap