CCPA compliance involves the California Consumer Privacy Act (CCPA), a data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents, and it’s considered one of the strictest privacy laws in the United States. Businesses will now have to honor requests from California residents to access, delete, and opt out of sharing or selling their information. Additionally, businesses will have to consider several CCPA compliance specific requirements when updating their privacy programs, such as the CCPA’s prescriptive opt-out measures, and the need to stop selling consumer data upon an individual’s request.

CCPA compliance applies to for-profit businesses that collect and control California residents’ personal information, do business in the state of California, and meet at least one of the following thresholds:

• Annual gross revenues greater than $25 million
• Receive or disclose the personal information (PI) of 50,000 or more California residents, households, or devices each year
• Make 50 percent or greater annual revenue from selling California residents’ personal information

Non-profits, smaller companies that do not meet the revenue thresholds, and/or those that don’t traffic in large amounts of personal information from California residents do not have to comply with CCPA.

Failure to comply with the CCPA can result in fines for businesses of $7,500 per violation and $750 per affected user in civil damages for businesses.

Our team of certified privacy experts understand the unique regulatory challenges your organization faces and offer a streamlined, common-sense approach to CCPA compliance. We can determine where your environment currently stands against the privacy rule by performing a comprehensive Gap Assessment to assess your organization’s existing controls against the CCPA rules or we can build your program from the ground up by establishing a privacy governance structure and developing policies and procedures that ensure your controls are adequately protecting your customer’s data and privacy in accordance with CCPA compliance requirements.

The goal of the CCPA GAP Assessment is to provide a view of your current privacy and data sharing posture, objectively review your personal information categorization plans and provide a roadmap for compliance. The assessment will also help your organization develop tactical and strategic decisions to strengthen your privacy and security program efforts and assess your privacy and security program against industry best practices. The assessment can be tailored to align with several different recognized cybersecurity control frameworks based on your organization’s compliance goals, industry, and control maturity level. Whatever your needs, we will develop a customized, cost effective path to CCPA compliance that is appropriate for the size and complexity of your organization.

In addition to a tech-enabled, streamlined approach, Control Logics offers:

• Competitive, fixed fee pricing
• Discounts for multi-year contracts
• Reduced on-site fieldwork by using our secure online client portal
• Director-level support and involvement in each phase of the engagement

To see how we can help your organization, contact us today!