Deciphered - The Basics of CCPA

Written by Namrata Sengupta

Updated on Apr 20, 2020

Reading time: 3 min

You finally managed to get a handle on the whole GDPR business. But wait, the fun's not over yet! Now you must contend with the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, and comes with its own set of rules and headaches. Read on to find out what it is and how you can tame this beast.

What is CCPA?

The California Consumer Privacy Act is meant to strengthen consumer protection and the privacy rights of California residents. The new legislation applies to all businesses that provide services or products to consumers in the Sunshine State.

Irrespective of your personal take on the CCPA, you have to agree that the Act is revolutionary. In fact, pundits equate it to the beginning of a GDPR-like structure within the United States.

Surprisingly, America has never had a federal law governing the data rights of its citizens. But under the CCPA regulations, organizations must be fully transparent regarding the collection, sharing, and use of consumer information.

So Why California?

Because it makes the most logical sense. California has always been a pioneer of sorts as far as data privacy regulations are concerned. The state previously operated under CalOPPA (California Online Privacy Protection Act). And now the CCPA serves as a potential starting point for sophisticated privacy regulations that can be adopted nationwide.

While the law has multiple subsections, companies that employ or service Californians will find the following five pillars to have the greatest impact on their present operations:

  • Protect individual rights to opt-out of data selling
  • Protect individual rights to data erasure and access
  • Identify and fix vulnerabilities and gaps in information systems
  • Update SLAs with third-party data processors
  • Map in-scope personal information and instances of selling private data

Your organization may already adhere to GDPR (General Data Protection Regulation) requirements, but you need to get your business operations up to speed with CCPA standards within the grace period (six months from the date of official CCPA activation).

How Does CCPA Matter from a Data Privacy Standpoint?

The CCPA provides permanent residents of California with new data privacy rights. They can learn what personal information is used and how, request deletion, and prevent businesses from collecting further information about them. Sponsored by the advocacy group Californians for Consumer Privacy, the CCPA has been termed "the most comprehensive privacy law in the country."

The implications of the landmark CCPA law extend far beyond California and represent a considerable shift in attitudes regarding data privacy in the US. For example, a OneTrust survey found that only 2 percent of businesses considered themselves CCPA compliant as of late August 2019. But the requirements are forcing businesses to take consumer data privacy seriously.

What's more, a report from Capgemini Research Institute shows that consumers want to do business with organizations that enforce data privacy over those that don't. In the survey, 39 percent of consumers said they would purchase more goods from companies that safeguard their data, while 70 percent of respondents want to stop dealing with businesses that lack sufficient data privacy protection measures.

This is why organizations need to buckle up and strengthen their data security processes. They must pay attention to customer privacy while following the regulations laid down by data privacy laws like the CCPA. These laws empower consumers to control personal data.

Also, complying with these regulations helps businesses grow their brand and improve customer loyalty and trust. So, companies must have the right data protection methodologies and tools in place. Of course, juggling accessibility and security is hard, but businesses will get tangible benefits in the long run.

Thus, data privacy must be at the forefront of an organization's business strategy to save time and money.

CCPA applies to all for-profit organizations that operate in California and meet any of the following:

  • Have a minimum annual gross revenue of $25 million
  • Make more than half of their annual revenue by selling consumers' private data
  • Own data on more than 50,000 households, devices, or consumers

Business owners operating in California and collecting, sharing or selling Californian consumers' private data will probably be governed by the CCPA if they meet any of these benchmarks. The reach of the CCPA extends to organizations that own, are owned by, or share common branding with a covered business.

For that reason, businesses modify their data handling practices to implement CCPA through the following steps:

Decide Application

Find out whether CCPA applies to any aspect of your organization. Even if the measures don't seem to apply to your business, you should read the whole law since the definitions of "sale" and "personal information" are comprehensive.

Perform Gap Analysis

If CCPA applies to your business, identify and analyze gaps or loopholes that exist between your present rights management policies and the ones you must enact to fulfill the requirements.

Review Activities and Processes

Understand the business activities and processes covered by the law and pay attention to the requirements involving minors.

Check Map Data Usage

Have a transparent, clear view of the data usage within your organization. If necessary, develop an in-scope data flow map detailing how you sell, collect and disclose personal details. If you already have a map in place, update it with the new steps necessary under CCPA.

Understand Individual Rights

CCPA individual rights may apply to different activities or processes within your organization, including:

  • Access
  • Data portability
  • Deletion
  • Selling/Sharing Disclosures
  • Opt-in or Opt-out

Know Financial Incentives

Understand whether your organization will provide financial incentives for consumer data. Under the CCPA, businesses can offer reasonable incentives to consumers as compensation for the sale, deletion, or collection of personal data as long as:

  • The business informs consumers about the incentives
  • Gives consumers the opportunity to revoke participation and consent at any point
  • Gets opt-in consent before enrolling the consumer in this program
  • The incentive is not unreasonable, usurious, coercive, or unjust

Update Privacy Policy and Rights Management Procedures

Update your business' individual rights management processes to meet CCPA specifications and ensure your company's existing privacy policies include all disclosures under CCPA.

Modify Contracts

If your business has contracts in place with third-party vendors with whom you share collected personal information, modify the documentation to include every CCPA provision.

Establish Processes for Subject Access Requests

Define processes for handling SARs you receive from customers. Already have SAR policies in response to GDPR? Update them to meet CCPA requirements as well.

Key Modifications Released by CA's Attorney General

The California Attorney General announced multiple changes to the CCPA proposed regulations on 7 February 2020. The modifications included changes to the Right to opt-out, mandatory content of CCPA notices, and the permissible use of data by service providers. Businesses presently working toward CCPA compliance should expect the Attorney General to commence enforcement once the rulemaking process concludes.

Most of the modifications are business-friendly:

  • Concept of "Personal Information": Evaluating whether data constitutes "personal information" depends on whether the business links or could possibly link the data to a specific household or consumer.
  • Additional Service Provider Rights: Service providers can now process personal information for retaining and employing subcontractors that meet CCPA standards, detecting security incidents, complying with state or federal law investigations, or internal use by the service provider to improve or build the quality of its services.
  • Privacy Policy and Notice Requirements: The modifications relax several requirements resulting from CCPA privacy policies and notices at collection.
  • Sales Notification: The modifications do away with the requirement that if organizations receive a request to opt-out, they must notify every third party to which the consumer's personal data was sold within 90 days preceding the request.
  • Opt-Out: The modifications make it easier for consumers to execute opt-out requests.
  • Data Brokers: Organizations are expressly relieved of any obligation to supply notices at collection if they have registered as a data broker with the Attorney General and comply with specific requirements in their registration submissions.
  • Biometric Data: Unique biometric data is now included in the list of data categories businesses need to disclose during a Right to know request.
  • Mobile Apps: The modifications add several references to the obligations of organizations that collect data via mobile apps, including an obligation to provide a link to the notice before downloading and "just-in-time" notices.

The Road Ahead

As soon as the CCPA was enforced at the beginning of the year, plaintiffs filed a data breach class action lawsuit against Hanna Andersson LLC and Salesforce, alleging CCPA violations. While the eventual result of the legal action is unknown right now, the nature of the lawsuit is important. It sends a clear message that CCPA compliance must be a top business priority since it is clearly at the forefront of the minds of consumers.

Aside from addressing CCPA needs, businesses must find solutions to achieve the greater goal of building customer trust. And in the digital economy where a single poor experience is enough to make the customer switch to the competitors, trusted engagements are important. And the CCPA goes a long way in helping achieve the same.

Concluding Remarks

The CCPA aims to help businesses operating in California be as transparent as possible with the way they handle and disclose consumer information. This legislation will pave the way for other state-wide legislation to provide similar privacy protection and data rights.

 
