Achieving Compliance with the California Consumer Privacy Act (CCPA)
Overview
With advancement of digital technologies and increased digitization of businesses, value of data has increased manifold. There has been an explosion of data in terms of its variety, velocity and volume which is in turn leading to more number of data breach incidents affecting customer trust and long term losses in terms of customer loyalty. This has made data privacy and security critical for businesses to succeed in a data first digital native world.
With a focus on data privacy and security, CCPA has been enacted to provide more control to California residents with respect to collection and usage of their personal information.
The Act will be effective from 1st January 2020.
1
Gives Consumers Rights
Protect consumers' right to tell a business not to share or sell their personal information.
2
Gives Consumers Control
Gain control over the personal information that is collected about consumers.
3
Gives Consumers Security
Hold businesses responsible for safeguarding consumers' personal information.
CCPA provides consumers with more control by providing them with following rights:
Right to know
Right to deletion
Right to access
Right to opt-out
Right to equal service
Who does it apply to?
Business that collects consumers' personally identifiable information from residents of California and satisfies one or more of the following:
Annual Gross Revenue
in excess of $25,000,000
Interact with the personal information
of 50,000 or more consumers, devices or households
Derives 50 % or more of its annual revenues
from selling consumers' personal information
What are the fines for non-compliance?
- Penalty of up to $750 per incident per consumer or actual damages, whichever is greater
- State attorney general can sue for intentional violations of privacy for up to $7,500 each
For a single incident involving 10,000 consumers, businesses could be penalized up to an exorbitant $7.5 million
Key Focus Areas with respect to CCPA
Based on the CCPA requirements, Infosys has identified the key focus areas that an organization needs to evaluate in order to understand their level of readiness towards CCPA compliance.
Scope
Data Monetization
Opt-in & Opt-out Service
Privacy Policy and Internal Training
Rights of Consumers
Data Management & Governance
Data Transfer
Data Security and Protection
Know your CCPA Readiness with Quick Assessment Tool
Start the quick assessmentHow Infosys can help?
With CCPA coming into effect from 1 January 2020, organizations need to relook at their current data practices. Addressing CCPA requirements demands a heightened sense of purpose and drive from organizations coupled with a well-orchestrated roadmap and a change management plan.
Infosys believes that to drive a CCPA program, an organization needs to adopt an integrated and harmonized implementation model across the enterprise. To that effect, Infosys has developed solution frameworks, toolkits, questionnaires, and accelerators.
Infosys uses ADAM Framework - Assess, Define, Administer and Manage, to make organizations CCPA ready. The ADAM framework takes a structured and exhaustive view of the CCPA requirements and addresses each one of them by using a phased and modular approach. Some of the key components of the framework are "As-Is" assessment and gap analysis, Privacy by Design, Information Life Cycle Management, Organizational set up & readiness, Technology solutions and implementations to address the various rights enshrined under CCPA. The ADAM framework is supported by a business reference architecture and a rich and diverse set of templates and accelerators.
Infosys Offerings
Infosys offers an end-to-end solution comprising of assessment, implementation and monitoring to assist organizations on their CCPA journey. Our offerings encompass the whole gamut of data privacy principles including people, process and technology aspects of CCPA compliance journey.
Challenges & Solutions
Resource Center
Point of View
White Paper
White Paper
White Paper
