CCPA Is Coming. Are You Ready?

Posted on: December 5, 2019
Author: Fusion Risk Management

Data Security system Shield Protection

This year has nearly come and gone and with a new year comes not only a new you, but also new regulations. As we transition into a new decade, businesses will be tasked with adapting their data privacy policies to a new batch of alphabet soup – CCPA, the California Consumer Privacy Act – even if they’ve already become compliant with the General Data Protection Regulation (GDPR).

As previously discussed in How Do GDPR and CCPA Differ, and What’s Next?, CCPA goes into effect on January 1, 2020. Much like its European counterpart, CCPA impacts the ways in which organizations maintain and store personal information about their customers, specifically “the right to be forgotten” of those who are residents of California (including individuals and households). And while certain areas are not as strict as GDPR, CCPA specifically grants individuals the right to permanently opt out of the collection and use of any personal data. Ensuring adherence to this policy requires much more robust data organization, security, and an ability to demonstrate compliance.

According to a new survey by the Conference Board, US CEOs rank cybersecurity as their number one external concern for 2019. Yet, it is estimated by eMarketer that only 8% of U.S. organizations are fully prepared for compliance with CCPA. That’s a large gap between cybersecurity concerns and CCPA preparedness.

What steps can organizations take to prepare?

  1. Organizations must understand the regulation and if/how it impacts their business. Generally, if you collect and/or sell information consumer data of California residents (even if you are not based in California), you should comply.
  2. What is affected? Anything that contains or touches California consumer data. This comes in all types of forms – stored data, processes, assets, systems, vendor relationships, etc.
  3. Protect the affected information and demonstrate the ability to continue to do so.

The steps of evaluation and protection requires more than just a checklist. Many businesses will need to hire staff and/or consultants, invest in technology, update processes, etc. While this is expensive, it is much cheaper than the cost of non-compliance. According to the California attorney general’s office, it’s estimated that CCPA could cost organizations up to $55 billion in initial compliance costs. Even further, many experts expect the passage and implementation of an overarching federal regulation, especially since there are already more state regulations in the works.

The Fusion Difference

Many Fusion clients are already prepared to integrate these types of regulations into their programs. With the Fusion Framework System, robust reporting and dashboarding capabilities offer visibility into those applications which touch regulated data and help ensure it has been reviewed by an organization’s governance team for compliance. Users can also create automation rules and workflows that remind owners to review data privacy compliance when onboarding new applications and vendors.

It also allows you to easily modify and configure your assessments to account for and track compliance to specific privacy regulations. Which processes and applications fall under CCPA and what policy and deletion procedures are in place when a consumer permanently opts out? Does that policy include the appropriate public documentation their data has been removed? With Fusion, tracking these answers is as simple as a few clicks.

In addition to providing readiness guides, Fusion clients also reap the benefits of the Salesforce platform ecosystem. From webinars to articles to walkthroughs, our platform partner provides numerous recommendations on how to gain buy-in, build your team, and establish policies and procedures to ensure your organization doesn’t land a hefty fine from regulators.

While there really is no one-size-fits-all approach, partnering with Fusion allows you to leverage both our agile software, as well as our user community, to implement the right solution that fits your organization’s cybersecurity and information privacy posture.

To learn more, check out our data protection regulation page or request a demo to see how Fusion can help your program succeed in a post-CCPA landscape.