CCPA Compliance
How Fortra’s Digital Guardian solutions can help you meet California Consumer Privacy Act (CCPA) requirements
What is the CCPA?
The California Consumer Privacy Act (CCPA), passed in 2018 and effective as of January 1, 2020, requires your organization to have visibility into what data you possess and where it is located. CCPA enhances consumer protection and privacy for California residents and requires businesses and related entities to report data breaches of personal information. Your organization needs to be able to take certain actions with this data.
The California Privacy Rights Act (CPRA), which serves as an amendment to the CCPA, was approved by California voters in November 2020 and is being enforced as of July 1, 2023. The CPRA expanded the rights already afforded to California consumers by the CCPA and introduced new rights, including the right to correct inaccurate personal information, the right to receive notice of the use of personal information and opt out of such use, and the right to data minimization and purpose limitations.
What does the CCPA require of organizations?
The CCPA applies only to for-profit organizations that do business in California, collect personal information from California consumers (directly or through others acting on their behalf), determine the purposes and means of processing that information (alone or jointly with others), and meet certain threshold criteria. If your organization fits that description and meets any of the following criteria, it is considered a “business” under the CCPA and is subject to its regulations:
- The company met or exceeded $25 million in gross revenue in the preceding calendar year.
- The company buys, sells, or shares the personal information of 100,000 or more consumers or households.
- The company derives 50% or more of its annual revenue from selling or sharing consumers’ personal information.
Assuming a given organization qualifies as a business under the CCPA, it must:
- Provide notice of consumer rights
- Honor consumer rights
- Fulfill disclosure and retention obligations
- Facilitate consumer requests
- Implement security safeguards
Fortra’s Digital Guardian solutions can also help support CCPA compliance through:
- Data Discovery and Tagging: Digital Guardian helps identify and tag sensitive data across your organization's IT environment, ensuring compliance with CCPA's data protection requirements.
- Data Loss Prevention: Fortra's Digital Guardian includes robust DLP capabilities to monitor and control the movement of sensitive data, preventing unauthorized access or disclosure, which aligns with CCPA's mandate to protect consumer data.
- Incident Detection and Response: Digital Guardian provides real-time monitoring and alerts for suspicious activities involving consumer data, enabling organizations to promptly detect and respond to potential data breaches, as mandated by CCPA's breach notification requirements.
- Reporting and Auditing: Fortra's Digital Guardian solutions offer robust reporting and auditing capabilities, allowing organizations to generate detailed reports on data handling practices and demonstrate compliance with CCPA during audits or regulatory inquiries.