What CCPA Regulates
Businesses must provide two or more methods for consumers to submit requests for information. When requested, a business must disclose the categories and purpose of the data collected, as well as what information the business has sold and to whom.
A business is responsible for deleting personal information requested by a consumer as well as letting consumers know they can request that their personal information be deleted.
At or before the collection of personal consumer information, businesses must inform consumers about the categories of personal information to be collected and the purposes the information will be used.
Consumers can request to opt-out of the sale of their data, and businesses must provide a clear and conspicuous link on their home page, titled ‘Do Not Sell My Personal Information.’ A separate “right to opt-in” is required to sell information about minors.
Businesses aren’t allowed to discriminate against any consumers because they exercised any of their rights.
How We Help Solve CCPA
Compliance with Identity
Unified Customer Profiles and Stored Consent
Our CIAM solution consolidates the multiple silos of customer identity data that are often spread across a large organization. Beyond improving customer experiences across channels, this also makes enforcing individual consent much easier. We make creating new experiences and enhancing existing ones easier by allowing application owners to leverage a unified profile.
Easy Consent Capture and Management
Simplifying consent capture and management through PingDirectory enables you to differentiate between specific attributes and circumstances in order to granularly enforce consent choices based on geographic, corporate, industry or other policies.
Self-managed Customer Profiles
Our CIAM solution allows for intuitive profile management that can fulfill many of the basic requirements of CCPA. With pre-built user interfaces and APIs, customers can easily make edits to their profile data—including consents. With us, you can select which of your partners you want to share your data with as well as the type of data you want to share.
Addresses Cal. Civ. Code § 1798.150(a)(1)
Data Access Governance
PingAuthorize simplifies customer data access governance for businesses and provides a means to enforce compliance for current and future data privacy regulations. With fine-grained control, businesses can create policies that govern the flow of information granted to internal and external applications. No matter which user data applications request from user stores or APIs, we ensure that only compliant data is returned.
Addresses Cal. Civ. Code §§ 1798.150
Secure Customer Data
CCPA doesn’t dictate specific technical requirements for how to store customer data, but it does establish a right of action for data breaches that result from a businesses’ failure to implement and maintain reasonable security practices. Our CIAM solution provides centralized security which encrypts data at rest, in motion and in use. It also mitigates insider attacks, protects log files, enforces secure access to data and integrates with third-party monitoring tools. Multi-factor authentication helps you confirm the identity of your users, quickly increases security and protects data without sacrificing the experience of your customers, employees and partners
CCPA is not GDPR
Preparing for GDPR covers a large portion of CCPA requirements, but CCPA requirements go beyond those of GDPR in some areas. Businesses must consult both regulations to ensure that their data access governance and access processes comply.