The CCPA is the state of California’s data privacy law. It marks a milestone in US privacy regulation in the same way that GDPR did for Europe. In short, it’s a game-changer.
The CCPA is the state of California’s data privacy law. It marks a milestone in US privacy regulation in the same way that GDPR did for Europe. In short, it’s a game-changer. For a quick primer on why it could matter for your business, check out the video below.
For any company coming to grips with the CCPA, the first step is figuring out if you’re affected. The CCPA applies to for-profit businesses who have operations in California and…
Let’s say you fall under one or more of these categories. What then? Well, under the CCPA there are a few key tasks businesses must be able to perform.
The CCPA is a dense document and it’s easy to get lost in the weeds on just about every requirement it contains. So for now, let’s just look at the most important public-facing capabilities a business needs to be CCPA-compliant:
Just like GDPR, the CCPA requires a business to be able to do certain privacy tasks. One of the most important is retrieving a user’s data if they request it. This is called a Subject Access Request, but you can see this abbreviated as DSR, DSAR, or SAR.
Consumers must be provided their data in a “readily usable” format. This can mean a PDF, styled template, or other easy-to-use file. But it can’t just be a data dump that would be unintelligible to the average user.
Under CCPA law, a company has 45 days to respond to a user who requests to access their data.
“Do Not Sell My Data”
This CCPA feature has gotten a lot of publicity. That’s partly because it doesn’t have a clear parallel in GDPR, and also because it’s highly visible. The “Do Not Sell My Data” requirement boils down to a few key actions:
Right to Erasure
The last major capability required by the CCPA is erasure. That’s a fancy way of saying “delete.” If a consumer requests it, a business must be able to fully delete their data record across all company properties.
This can be a challenge for businesses operating at scale. They might have 10, 20, or 100 different systems containing customer records. They need a way to scrub specific data from all these different systems, and the process needs to be efficient.
That’s just one area where providers like Ethyca are stepping in to make it easier for companies to comply with the CCPA.
The CCPA came into law on January 1, 2020 but it has already shaken up US data privacy in a major way. If this is the first time your business is thinking deeply about the topic of data privacy, it can be intimidating. But there are a few simple steps any business can take easily while they consider deeper privacy-related changes.
Ethyca has produced a 9 Step Guide that any small business can use to take the first steps towards CCPA compliance. Complete the simple form below to instantly receive the guide in your inbox.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo