Your readiness for the California Consumer Privacy Act (CCPA)
CCPA’s privacy requirements go into effect in January 2020, so the clock has already started. While this is specific to CA for now, privacy related legislation will likely be enacted broadly across United States soon. Exavalu can help assess your data privacy risk and help you be and stay compliant.
Many companies are not fully prepared to address the emerging global privacy regulations like GDPR and CCPA targeting protection of personal information of consumers. CCPA for example, targets any company doing business in CA with a customer base of exceeding 50,000; or with over $25 million annual revenue; or deriving more than 50% of its revenue selling consumers’ personal information. It’s subordinates and overlaps with other existing privacy laws like GLBA, DPPA etc.
Companies serving or employing CA residents will be impacted so they would need the following:
Comprehensive inventory and controls around personal data
Understanding and controls around ‘selling data’ to other parties
Provision for individual rights to data access and deletion of personal data
Provision for individual rights to opt-out of selling data
Update SLAs with 3rd party data processors
Remediation of IT security vulnerabilities to prevent leakage of personal data
Remediation for CCPA is a complex effort due to wide-ranging impacts on consumer facing capabilities, business operations, and IT systems. There’s potential for organizations to be exposed to external legal action including class action lawsuits and regulatory penalties should remediation be not satisfactory to meet demands of the law. Exavalu has experience on CCPA remediation with the necessary business, legal, and technology expertise to rapidly assess organizational risk and deploy solutions. We could either take on and deliver entire programs or help clients on specific aspects of CCPA remediation including the following:
CCPA Assessment: While most organizations are yet to commission programs around CCPA, Exavalu has been working closely with companies who’re taking a proactive stance to comply with CCPA. We bring understanding of data privacy regulations and CCPA and can quickly conduct privacy risk assessments and develop customized remediation plans. We understand nuances of consumer data in online and offline data stores, business processes to orchestrate access and delete requests, and technology systems that are necessary to fully comply with CCPA. We bring an organized approach including methodology, toolkits and templates to conduct risk assessments, rapidly identify data sources/lineage, and develop targeted plans for remediation.
Program Management: We have seasoned data privacy program leaders with understanding of CCPA who also blend business & technology leadership experience to develop & execute high impact enterprise-wide programs like CCPA. Most often, this needs collaborative working with enterprise functions like Legal, Marketing, HR, line of business unit leadership, data organizations, IT, Security, Risk/ Compliance, and 3rd party vendors. We bring a systematic and disciplined approach to program management.
Solution Definition: Exavalu has developed an integrated solution toolkit that includes: (a) future-state business process blueprints, (b) best-of-breed technology components from 3rd party vendors for BPM, data discovery/ management, services integration, storage etc. and (c) proprietary templates, scripts, and technical resources that are accelerators for CCPA remediation. Where suitable, we work with your existing technology assets/investments to integrate these components into your environment to reduce costs and expedite solution delivery
System Integration: Exavalu has the technology systems integration experience with global teams that work together with client teams to rapidly deliver these solutions. We work collaboratively with client IT and business stakeholders to ensure technology remediation goes together with changes to business processes needed for compliance.
Change management, deployment and support: CCPA solutions will impact several business units within your organization. We bring change management methodology, communication plans, artifacts and trained resources to ensure that all impacted units are organized and prepared to support the implementation. We offer managed support services that not only maintain the solution but also keep it up to date with the latest developments of the law with regular releases.