Our privacy and technology experts understand the CCPA and the operational impact this first-of-its-kind privacy regulation has on your business. We will work with you to determine applicability and implement controls that get you in compliance while also ensuring you can continue operating as close to business-as-usual as possible.
Our engagements often include a combination of the following services:
Assess + Audit
Our assessment and audit services assist you with anything from a roadmap for CCPA compliance to testing the controls you built to comply. Rest easy knowing that your program has been reviewed by experts.
Program Design + Implementation
Our consulting services assist you with designing and implementing a custom CCPA privacy program that fits your business’s budget, appetite for risk, and industry risk.
Our consultants maintain the accuracy and relevancy of your CCPA privacy program and perform regular audits to ensure it is performing as it was designed to perform.
Does your organization have a formal process in place to honor consumer privacy rights under the CCPA? Take our CCPA Readiness Self-Assessment to determine your organization's CCPA compliance posture.
Let's get you started with CCPA Compliance
Taking the US privacy scene by storm in 2019, the California Consumer Privacy Act (CCPA) is the first comprehensive privacy regulation in the US.
The CCPA requires companies to provide disclosures to California consumers surrounding what personal information is collected, the purpose for collection, and selling and sharing practices. Further, the law provides rights to consumers including the ability to opt-out of the selling of their personal data, as well as:
- The right to know what personal information is collected;
- The right to know whether their personal information is sold or disclosed and to whom;
- The right to opt-out of the sale of their personal information;
- The right to access their personal information;
- The right to request the deletion of their personal information; and
- The right to equal service and price, regardless if they exercise their privacy rights.
Furthermore, while not an explicit requirement under the CCPA, California consumers can sue a business if a personal information breach occurs and the business has not implemented appropriate technical and security controls.
Fines + Enforcement
The California Attorney General has been vocal about enforcing the CCPA, and has the ability to levy stiff fines against businesses who violate the regulation. Penalties range from $2,500 to $7,500 per willful violation, and these can compound if an organization is unaware of a violation or is negligent in complying.
Private Right of Action
Plaintiffs can also seek between $100 and $750 per incident if a breach occurs. While limited to the breach provision under the CCPA, plaintiffs are testing the other aspects of the CCPA and whether the courts will award damages for other provisions under the CCPA.
Public Reputation + Consumer Trust
Consumer awareness surrounding how businesses are processing and handling their personal information is at an all-time high. Consumers are more likely to do business with companies they trust to protect their personal information and where processing activities are aligned with consumer expectations. The CCPA places the onus on businesses to comply and creates avenues for consumers and regulators to ensure that penalties ensue if businesses are not following the rules.
Cases as an