California Consumer Privacy Act

 

Next Steps
Overview Auditing CCPA DLP FERPA GDPR HIPAA PCI DSS DMaaS Static Dynamic Test Data/TDM

The California Consumer Privacy Act (CCPA) passed in 2018 and went into effect on January 1, 2020. Key provisions of the CCPA include:

1798.105

(a) A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.

(b) A business that collects personal information about consumers shall disclose, pursuant to subparagraph (A) of paragraph (5) of subdivision (a) of Section 1798.130, the consumer's rights to request the deletion of the consumer's personal information.

(c) A business that receives a verifiable request from a consumer to delete the consumer's personal information pursuant to subdivision (a) of this section shall delete the consumer's personal information from its records and direct any service providers to delete the consumer's personal information from their records.

1798.110

(a) A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:

  1. The categories of personal information it has collected about that consumer.
  2. The categories of sources from which the personal information is collected.
  3. The business or commercial purpose for collecting or selling personal information.
  4. The categories of third parties with whom the business shares personal information.
  5. The specific pieces of personal information it has collected about that consumer.

This suggests the need for software capable of finding and classifying, de-identifying or removing, and auditing changes to customer records. All of these features are in the affordable IRI FieldShield, CellShield EE and DarkShield data masking products, or the comprehensive IRI Voracity data management platform which includes them.

a crowd of people

The penalties for non-compliance are severe, and failing to comply is an option no business should take. As enforced under 1798.150:

Affordable IRI static data masking software can help you comply with the CCPA. Standalone or in Voracity, proven IRI 'shield' tools or services give you:

  • state-of-the-art, multi-source data searching, profiling and cataloging functions for DSARs
  • deletion or removal functionality for PII everywhere, to comply with the right to erasure
  • multiple redaction, encryption, pseudonymization and other PII de-identification methods
  • the ability to extract, structure, reformat and deliver PII to faciltate data reporting and record portability
  • peer-reviewed re-ID risk scoring algorithms to determine the risk of re-identification based on quasi-identifiers
  • demographic data blurring (random noise) and bucketing (generatlization) to anonymize data and preserve its value
  • automatic, query-ready data profiling and audit logging -- internally, or via SIEM tools, to support compliance verification
Data Protector Suite PDF Cover

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.