CCPA: New Requirements for Customer Data Management

CCPA: New Requirements for

Customer Data Management

Embrace data privacy and transparency with

a flexible customer identity solution

learn about ciam

Build Privacy on an Identity Foundation

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will grant California resident’s rights over their online personal information. This is considered by many to be the first strong privacy regulation enacted within the United States. Despite its name, this regulation doesn’t just affect businesses located in California, it has broad implications for organizations worldwide. 

To help you collect, manage and enforce consent, look no further than our customer identity and access management (CIAM) solution. We can help you deliver seamless, personalized experiences that are CCPA-compliant and position you to comply with future privacy regulations as well (or updates to existing ones) while building customer trust.

What CCPA Regulates

  • The Right to Disclosure

    Businesses must provide two or more methods for consumers to submit requests for information. When requested, a business must disclose the categories and purpose of the data collected, as well as what information the business has sold and to whom.

  • The Right to Deletion

    A business is responsible for deleting personal information requested by a consumer as well as letting consumers know they can request that their personal information be deleted.

  • The Right to Access

    At or before the collection of personal consumer information, businesses must inform consumers about the categories of personal information to be collected and the purposes the information will be used.

  • The Right to Opt-Out

    Consumers can request to opt-out of the sale of their data, and businesses must provide a clear and conspicuous link on their home page, titled ‘Do Not Sell My Personal Information.’ A separate “right to opt-in” is required to sell information about minors.

  • The Right to Non-Discrimination

    Businesses aren’t allowed to discriminate against any consumers because they exercised any of their rights.

How We Help Solve CCPA

Compliance with Identity

Addresses Cal. Civ. Code Articles §§ 1798.100, 1798.110, 1798.115, 1798.105


Unified Customer Profiles and Stored Consent

Our CIAM solution consolidates the multiple silos of customer identity data that are often spread across a large organization. Beyond improving customer experiences across channels, this also makes enforcing individual consent much easier. We make creating new experiences and enhancing existing ones easier by allowing application owners to leverage a unified profile. 


Addresses Cal. Civ. Code §§ 1798.140 (b), (o), 1798.120, 1798.135


Easy Consent Capture and Management

Simplifying consent capture and management through PingDirectory enables you to differentiate between specific attributes and circumstances in order to granularly enforce consent choices based on geographic, corporate, industry or other policies.

Addresses Cal. Civ. Code §§ 1798.100(d), 1798.110, 1798.115


Self-managed Customer Profiles

Our CIAM solution allows for intuitive profile management that can fulfill many of the basic requirements of CCPA. With pre-built user interfaces and APIs, customers can easily make edits to their profile data—including consents. With us, you can select which of your partners you want to share your data with as well as the type of data you want to share.

Addresses Cal. Civ. Code § 1798.150(a)(1)


Data Access Governance

PingDataGovernance simplifies customer data access governance for businesses and provides a means to enforce compliance for current and future data privacy regulations. With fine-grained control, businesses can create policies that govern the flow of information granted to internal and external applications. No matter which user data applications request from user stores or APIs, we ensure that only compliant data is returned.

Addresses Cal. Civ. Code §§ 1798.150


Secure Customer Data

CCPA doesn’t dictate specific technical requirements for how to store customer data, but it does establish a right of action for data breaches that result from a businesses’ failure to implement and maintain reasonable security practices. Our CIAM solution provides centralized security which encrypts data at rest, in motion and in use. It also mitigates insider attacks, protects log files, enforces secure access to data and integrates with third-party monitoring tools. Multi-factor authentication helps you confirm the identity of your users, quickly increases security and protects data without sacrificing the experience of your customers, employees and partners

CCPA is not GDPR

Preparing for GDPR covers a large portion of CCPA requirements, but CCPA requirements go beyond those of GDPR in some areas. Businesses must consult both regulations to ensure that their data access governance and access processes comply.

Learn more about these primary Ping products that can put you on the right path to CCPA compliance.

Take the Next Step

See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.