The California Consumer Privacy Act, or CCPA, took effect on January 1, 2020. Under the Act, California residents have the right to know what personal data is collected about them. They are also entitled to know whether that data is being sold and to whom, and to forbid the sale of that data. The Act gives consumers access to the personal data companies have about them. It also enables them to ask the business to delete that data from its files. In addition, the CCPA forbids discrimination against consumers for exercising their privacy rights.
Any business that buys, receives, or sells the personal information of more than 50,000 consumers or households, or earns more than half its revenues from selling such information, must comply with the California Consumer Privacy Act. Any business that generates gross annual revenues of more than $25 million must comply with the Act as well.
A company that experiences data theft or a security breach can be ordered to pay up to $750 per incident and affected California resident in statutory damages, or actual damages, whichever is greater. A company can also be fined up to $2,500 per unintentional violation and up to $7,500 per intentional violation of the Act.
The CCPA is one of a growing number of privacy protection regulations adopted by multiple countries and U.S. states. Your business must comply with all the regulations in effect wherever you do business. You must also keep pace as these regulations evolve. The challenges are daunting. But the risks of non-compliance range from fines and penalties to destruction of your business’ reputation.
SOC 2 is built upon the System and Organization Controls (SOC) framework developed by the American Institute of Certified Public Accountants (AICPA). The foundation of that framework is five Trust Services Criteria (TSC) — Security, Availability, Processing Integrity, Confidentiality, and Privacy. Compliance requires commitment to controls (policies, procedures, and processes) that meet the SOC 2 specifications. Compliance with SOC 2 can therefore enhance your ability to keep pace with, and credibly demonstrate compliance with, evolving regulations such as the CCPA.
Trustero Compliance as a Service (CaaS) is cloud-based, easy-to-use compliance automation software. It is designed to simplify SOC 2 audit readiness and enable continuous compliance. For example, the Trustero solution constantly monitors key components of your technology infrastructure. Trustero Compliance as a Service can notify administrators when one of those components fails or falls out of SOC 2 compliance. Trustero CaaS can help administrators quickly isolate problems and suggest effective remediation measures. It can also help produce reports on the compliance posture at your company, regularly and on demand. These and other features can help your business achieve and sustain continuous compliance with SOC 2, and maximum agility in response to evolving privacy regulations.