Tag Archives: cacpa

California Consumer Privacy Act (CCPA)

Compliance Management toolkit addresses California Consumer Privacy Act (CaCPA) and GDPR

CaCPA goes into effect January 1, 2020 and places new burdens on companies that do business with California residents. This includes both domestic and international organizations. Who must comply with CaCPA?

  • Companies that serve California residents and have at least $25 million in annual revenue
  • Companies of any size that have personal data on at least 50,000 people
  • Companies that collect more than half of their revenues from the sale of personal data

Once California regulators notify a company that it is in violation of CaCPA, the company has 30 days to comply. If the issue isn’t resolved, there is a fine of up to $7,500 per record. In addition, the law allows for penalties of $100 to $750 per consumer per incident, or actual damages, whichever is greater.

What companies must do to comply

One of the first things they must do is add a clearly visible footer on websites offering consumers the option to opt out of data sharing. If that footer is missing, consumers can sue. One shortcut for companies that do not share data is to state in a common footer that data is not shared.

Data covered by CaCPA

The law originally covered employee data in addition to consumer data. That was amended to exclude employee data. Companies must allow consumers to choose not to have their data shared with third parties. That means companies must be able to separate the data they collect according to each user’s privacy choices. A California consumer has the right to find out what information a company collects about them.

After an access request, a company has 45 days to provide the consumer with a comprehensive report describing what type of information it holds, whether that information was sold, and to whom. If the data was sold to third parties over the past 12 months, the report must give the names and addresses of those third parties.

The data covered by the law includes:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
  • Characteristics of protected classifications under California or federal law
  • Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
  • Biometric information
  • Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory or similar information
  • Professional or employment-related information
  • Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.


Compliance Management Kit Released

Compliance Management is one of the top concerns of CIOs and other C-level executives.

The Compliance Management Kit was just released. All of the components of the kit were just updated to meet the privacy and security mandates arising from GDPR for the EU and CaCPA for the state of California.

The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to the high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.

First, the Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit comes with all of that plus two full policies: the Record Classification and Management Policy and a Privacy Compliance Policy with a detailed implementation work plan. The detailed work plan can be used right out of the box to ensure that privacy and security are implemented fully within the enterprise. Third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.

To learn more about the kit go to https://www.e-janco.com/Compliance.htm.


CIO Infrastructure Policy Bundle Update 2019-02 now available

The CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.

The CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process that Janco is going through for its entire product line of CIO and IT Management tools to validate that they meet all of the compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the overall processes of designing, developing, implementing, and operating technology in the ever-changing Internet-based operational environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 01/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices
