10 CCPA Questions Every Tech Executive Should be Prepared to Answer

Written by Pravin Mehta

Updated on Feb 2, 2022

The CCPA affects organizations not only in the Golden State but across the world. So, companies should expect a lot more interactions with users.

Given how California's Attorney General won't begin enforcing the law until July 1, 2020, now's the perfect time for chief information security officers (CISOs) to prepare for compliance-related requests from business customers and end-user requests submitted directly to their respective businesses. In the process, security managers can find gaps in their CCPA compliance and avoid fines and lawsuits for violating the regulations.

Without further ado, here are the top 10 questions tech executives should be in a position to answer before the enforcement deadline arrives:

1 - Does Your Company Fall Under the CCPA's Purview?

This question is relatively easy to answer. Does your organization:

  • Collect personal data on California citizens?
  • Generate more than $25 million in revenue annually?
  • Handle personal information for 50,000 Californian people, households, or devices?
  • Make at least half its revenue selling data on California residents?

If you answered yes to any of the questions, your business falls under the California Consumer Privacy Act.

According to the IAPP, over 500,000 companies must comply with CCPA, 400,000 of which are situated in states other than California. A study indicates that 75 percent of all California businesses and international firms gathering data on California citizens must comply with the CCPA too.

2 - Must You Be Compliant with Both the CCPA and GDPR? Or Is the Latter Enough?

The GDPR became law in May 2018. To date, GDPR violations have cost businesses millions of euros in fines, including a whopping £99 million and €50 million judgements against Marriott and Google, respectively, in 2019. While CCPA requirements are comparatively relaxed, some aspects go further than the GDPR. Consumers, for example, can file lawsuits against organizations thanks to the broader definition of private data under the CCPA.

So, even if your company is in compliance with GDPR, it may not meet CCPA standards. Focus on updating your privacy policy and customer contracts. Understand the incremental changes demanded by the CCPA guidelines. Make your business future-ready by allowing users to access and control their personal data regardless of location.

3 - Do CCPA Regulatory Requirements Interfere with Your Business Objectives?

Your business must process personal information to capture the target audience through complex digital marketing efforts. Closely monitor these activities for disclosure, consent, and transparency. Digital marketing is impossible without personal data. If your company wants to work with a third-party marketer for a data sale, consumers can opt out of the sale of their data under CCPA law. Businesses should therefore identify a sale and apply suitable marketing practices.

4 - Is Your Company in Compliance with CCPA?

A December 2019 survey found that 52 percent of companies would not be CCPA compliant by January 1, 2020. In fact, those estimates were rather optimistic. Businesses claiming to be compliant were not truly compliant. Only larger businesses were somewhat prepared to handle the fallout from CCPA implementation. A major drawback was the broad view on personal data that CCPA adopted. Under the Act's provisions, the contents of a leave request email from an employee could be construed as privacy or personal data.

Also, many businesses mistook using a CCPA-compliant vendor for handling sensitive information as being CCPA compliant themselves. Amidst all the confusion, organizations did not modify their websites. At its core, the CCPA was too new a law and still changing. Familiarize yourself with the CCPA guidelines and work on processes that give consumers their data within the 45-day window. Check the earlier section on 'Obligations for Organizations/Businesses' for a better idea on how to proceed. Remember, your business is responsible for your data as well as its compliance.

5 - Are You Aware of Your Risk Exposure?

Most businesses understand what data they keep, where they keep it, and how it is protected. If you don't, begin a data mapping project. Your business may be unintentionally non-compliant because you aren't aware of a section within your organization that is gathering and maintaining protected data.

Also, it's hard to say for sure whether your business is 100% compliant given how new the CCPA is. Companies are constantly changing their data collection methods and business processes. The law itself is evolving thanks to modifications proposed by the Attorney General. For parts of the law that are ambiguously worded, the case might end up in the courts. Still, your business should err on the side of caution since you won't get definite answers right now.

6 - How Do You Let Others Know That You are CCPA Compliant?

Apart from lawsuits and fines, the lack of CCPA compliance may lead to significant business loss. So, get your business' privacy team to analyze the CCPA. If you have prior experience handling GDPR requirements, use it to lay the groundwork.

Decide on your approach to compliance. For example, you may try the 'superset' - a single centralized system tracking both CCPA and GDPR privacy laws. Take the highest common denominator - GDPR allows 30 days for responses, CCPA 45. So respond to every request within 30 days.

Update your data management systems to include CCPA requirements. Also, publish details about your company's CCPA processes on the official website. Create a data processing system for both new and existing users to sign. Explain your obligations under CCPA and how your business will protect their data.

7 - How Much Will CCPA Cost You?

Estimates suggest:

  • Smaller businesses with 20 employees or less must pay $50,000 in initial costs
  • Mid-sized firms with 20 to 100 employees must spend $100,000
  • Companies with up to 500 employees will pay $450,000
  • Organizations with over 500 employees must spend $2 million

CCPA is not an opportunity to pad your budget or to incite fear, doubt, and uncertainty. Your business should treat CCPA as a new operational program for the company rather than a standalone annual budget item.

8 - Does CCPA Raise Privacy Awareness In Your Company?

CCPA is helpful for improving your business' culture of awareness. The regulations set up good data governance and privacy awareness as the new gold standard. Educate your leaders about integrating this program into the organization's business processes instead of tacking it on as a mere afterthought.

Companies can increase awareness by:

  • Updating their websites
  • Reconsidering data collection strategies
  • Implementing systems to track and delete data
  • Reviewing contracts with business partners and vendors

CCPA also increases authentication awareness, thanks to the cybersecurity component of compliance. This prevents online identity thieves from accessing information about true data subjects and trolls from duping businesses into deleting all details about a certain user. Earlier, when customers canceled their accounts, businesses would retain backups of their data and simply reinstate it when the cancellation request turned out to be fraudulent. Now, however, the new privacy law calls for the data to be deleted in its entirety.

9 - Can You Avoid CCPA Hassles by Paying the Fine?

Many businesses find the wait-and-see approach to CCPA tempting. After all, enforcement won't begin until July, and even then, regulators will probably target the biggest offenders first. In fact, many CISOs consider fines less problematic than preparing for CCPA compliance. That is untrue since CCPA allows California citizens to file lawsuits individually in the event of a breach. Each privacy violation racks up fines up to $7,500. So, if 1,000 Californians visit your website and complain about the lack of opt-out buttons and notifications, you might be looking at a total penalty of $7.5 million.

Breaches cost your business $750 for each lost record. On top of that, California consumers get to sue your company as well.

So, CCPA compliance may be expensive but it is nothing compared to the huge fines your firm has to pay for non-compliance. Since GDPR went into effect, 160,000 breaches have been reported in the UK and Europe, resulting in fines worth $448 million.

The potential for private litigation under CCPA makes the cost a lot higher, and the situation is compounded by the fact that California ranks among the worst states for businesses to face lawsuits.

Of course, this doesn't mean your business is under threat from CCPA. But law firms and lawyers will pay more attention to consumer protection and data privacy than ever before.

10 - Is CCPA the End or Just the Beginning for Privacy Laws?

Other laws are already in progress. Depending on the impact of CCPA, several states will take action. Thus, businesses and tech executives need to prepare for a crisscross of laws, similar to how data breach notification laws vary from one state to another.

A federal law is necessary to prevent states from introducing their own interpretations and variations of the CCPA. However, the first order of business is a consistent approach to personal and privacy data usage in the US.
