The CCPA bill, passed in 2018, encourages businesses and related entities to be transparent and requires these organizations to report breaches of personal data.
The CCPA is more than just a regulation, as it represents a core change in the approach organizations must take to ensure their data remains secure and requires the creation of a data protection strategy for their data.
Organizations impacted by this change include businesses worldwide doing business in California who exceed the thresholds of:
- Annual gross revenues of $25 million
- Personal information of 50,000 or more California residents, households or devices annually or;
- 50% or more annual revenue from selling California residents’ personal information
- Parent companies and subsidiaries sharing the same branding, even if they themselves do not exceed the
To enforce this regulation and shift in approach, organizations can be fined anywhere from $2,500 per unintentional violation to $7,500 per intentional violation, with no fine ceiling.
With the risk of such fines, organizations must find digital solutions that enable them to continue to do business without roadblocks or bottlenecks that will ensure they are CCPA-compliant.
How Fortra’s Data Classification Suite (DCS) enhances CCPA compliance
CCPA requires your organization to have visibility into what data you possess, and where it is located. The DCS enables your organization to:
- IDENTIFY PERSONAL INFORMATION
Powered by machine learning, DCS intelligently enhances the accuracy and efficiency of your data protection program by recognizing company and regulation specific content categories and analyzing your data at rest and in motion.
- CATEGORIZE THE DATA
Classify data at rest and in motion automatically, or at creation during day-today workflows. DCS applies persistent metadata to date that trigger appropriate data protection policies, therefore enabling organizations to understand the data they have and how to handle it mitigating the risk of data breaches.
DCS allows organizations to adapt to the changing security and compliance needs of their organization with a configurable policy management platform. Organizations are empowered to set policy rules and levels of enforcement which can also trigger actions from their existing security investments.
|Policy Enforcement||Inspects email for sensitive content such as PII and provides immediate feedback, giving the sender a chance to correct any problems before the email leaves the desktop, ensuring personal information is handled appropriately.|
|Classification Selector||Provides simple, non-intrusive ways for users to identify email sensitivity. Users are guided through the classification process with prompts and suggestions to increase accuracy and efficiency.|
|Visual Markings||Applies regulatory-compliant visual markings in the form of headers, footers, watermarks, and classification authority blocks to clearly identify information sensitivity.|
|Metadata Assist||DCS stores user classification selections with the document as persistent metadata, which can be used to increase the accuracy and effectiveness of DLP, archiving, and perimeter security solutions.|
|Security Enablement||Adds an extra layer of security by automatically encrypting, signing, or RMS-protecting sensitive emails based on classification, recipient, content, or any other email attribute|
|Administration||Provides a centralized, web-based Administration Console for classification, configuration, and policy management across the entire DCS of products. DCS generates user activity logs that can be monitored and analyzed to measure the effectiveness of the security policies.|
While the CCPA is set to be enforced in 2020, the regulation is not yet in its final form. Changes are expected and will be ongoing, and implications for organizations both within and outside of California may increase over time. As your trusted advisor, DSC can provide you with assistance to interpret future CCPA updates and ensure that you are updating your data protection policies accordingly to maintain compliance.