What is the CCPA?
The California Consumer Privacy Act (CCPA), passed in 2018 and effective as of January 1, 2020, requires your organization to have visibility into what data you possess and where it is located. CCPA enhances consumer protection and privacy for California residents and requires businesses and related entities to report data breaches of personal information. Your organization needs to be able to take certain actions with this data.
The California Privacy Rights Act (CPRA), which serves as an amendment to the CCPA, was approved by California voters in November 2020 and is being enforced as of July 1, 2023. The CPRA expanded the rights already afforded to California consumers by the CCPA and introduced new rights, including the right to correct inaccurate personal information, the right to receive notice of the use of personal information and opt out of such use, and the right to data minimization and purpose limitations.
What does the CCPA require of organizations?
The CCPA only applies to for-profit organizations that do business in California, collect personal information from California consumers on their own or by others on their behalf, alone or jointly with others determine the purposes and means of the processing, and meet certain threshold criteria. If your organization fits that description and meets any of the following criteria, that means it will be considered a “business” under the CCPA and is subject to its regulations:
- The company met or exceeded $25 million in gross revenue in the preceding calendar year.
- The company buys, sells, or shares the personal information of 100,000 or more consumers or households.
- The company derives 50% or more of its annual revenue from selling or sharing consumers’ personal information.
Assuming a given organization qualifies as a business under the CCPA, it must:
- Provide notice of consumer rights
- Honor consumer rights
- Fulfill disclosure and retention obligations
- Facilitate consumer requests
- Implement security safeguards
How Fortra's Data Classification solutions enhance CCPA compliance
Our data classification solutions help organizations:
Identify personal information
Powered by machine learning, our solutions intelligently enhance the accuracy and efficiency of your data protection program by recognizing company – and regulation-specific content categories –and analyzing your data at rest and in motion.
Fortra software enables data categorization, meaning organizations can understand the data they have and how to handle it, mitigating the risk of data breaches.
Secure the data
Our solution allows organizations to adapt to the changing security and compliance needs with a configurable policy management platform. Organizations can set policy rules and levels of enforcement which can also trigger actions from other security products in their data protection ecosystem.