RiskQ’s CCPA compliance solution will work for you
Save your team from weeks of research and thousands of dollars in consulting fees with RiskQ’s CCPA compliance solution. Respond to inquiries and demonstrate compliance with RiskQ’s automated CCPA reports.
California Consumer Privacy Act: are you in the scope?
First things first: who does the CCPA affect? Any for-profit business needs to comply with the CCPA if it meets any of the following criteria:
More than $25 million in annual gross revenues
Buys, receives for a commercial purpose, sells, or shares the personal information of 50,000 or more consumers, households, or devices, per annum
Derives 50 percent or more of its annual revenues from selling consumers’ personal information
What puts your business in the scope of CCPA?
The CCPA outlines many categories of personal information. The categories are quite wide and include the following:
Identifiers, e.g., name, address, etc.
Customer records information, e.g., medical information, policy numbers, social security number, etc.
Biometric information, e.g., face, fingerprint, etc.
Characteristics, e.g., gender, race, etc.
Online activity, e.g., internet activity, etc.
Geolocation
Inferences, e.g., behavioral indicators that build up a profile of a person
Being respectful of people’s data privacy is now an integral part of modern business. But must an SMB meet the stringent regulations of the California Consumer Privacy Act (CCPA)?
What are the fines for not complying with the CCPA?
Not complying with the CCPA and losing client records can lead to heavy fines. They range from $2500 up to $7500 for each record lost unintentionally or intentionally.
The size of your business carries no weight when it comes to fines. Also, business owners should remember that a customer can sue the company for losing personal information.
What are the consumer rights when it comes to CCPA?
The rights of the consumer relate to the use of personal information for business purposes. The following rights are stated in the California Consumer Privacy Act, and any organization in the scope of the CCPA has to act accordingly:
The consumer has the right to:
Delete personal information
Correct inaccurate personal information
Know what personal information is being collected
Access personal information
Know what personal information is sold or shared and to whom
Opt-out of sale or sharing of personal information
Limit use and disclosure of sensitive personal information
No retaliation following opt-out or exercise of other rights
Should the business conduct security assessments?
Security and risk assessments are required, and they use a set of cybersecurity control tests. With RiskQ, you can choose from frameworks including, but not limited to, the following:
NIST Cybersecurity Framework
CIS Top 20 Framework
ISO 27001 Framework
PCI-DSS Framework
What about third-party contracts and supply chains?
The firm must consider its relationships as a service provider with larger organizations and reflect the situation vis-à-vis the CCPA in its business contracts to help govern relationships with customers. It is vital to identify third parties involved in data processing, for example, payment processing vendors. These relationships must be defined within contracts that capture the CCPA opt-out rules.
A privacy policy posted on their website that reflects the requirements of the CCPA.
CCPA compliance training to prevent the mishandling of personal information.
A risk assessment that demonstrates appropriate security measures in place, e.g., encryption, 2FA, etc.
Knowing your vendors’ financial exposure is key. RiskQ shows you how much exposure each vendor has and identifies the gaps in their cybersecurity program.
Automated CCPA compliance check
With RiskQ’s CCPA compliance solution, you can save thousands of dollars and weeks of research. We connect to your systems and technologies on AWS and automatically identify which systems are in scope for CCPA, allowing us to quickly fix possible issues.
RiskQ will help you to get and remain CCPA compliant
RiskQ will help you to understand the CCPA requirements better. Our solution includes a step-by-step guide on how to get and remain CCPA compliant: this includes, for instance, 114 controls and 30 legal-vetted policy templates. There is no need to reinvent the wheel and spend more time and money than necessary: RiskQ will eliminate all the extra effort.
Automate evidence collection
RiskQ uses read-only integrations to connect with the business tools you already use to automate evidence collection. As CCPA requires you to be able to prove your security, RiskQ helps you to do so by connecting commonly used identity providers, cloud storage services, and version control systems to RiskQ.
Once they have been connected, RiskQ’s risk assessment tool immediately recognizes and prioritizes any discovered security gaps.
Continuous monitoring keeps you secure
You will be able to remain compliant and secure with RiskQ’s continuous security monitoring service. RiskQ runs hourly checks on your connected services to ensure they are set up securely. In addition, we continuously check for common security risks, like unencrypted storage, open ports, or lack of MFA. If we find threats or risk gaps, we will immediately alert your team.
Manage the CCPA policies
Included in our solution is RiskQ’s library of legal-vetted policy templates that allow you to quickly translate business practices into public-facing policies. RiskQ’s CCPA policy templates can also be used to establish clear procedures on Consumer Access Requests (CAR).
Prove your CCPA compliance with thorough reports
With RiskQ’s automated CCPA compliance reports, you will always know where your company stands. You can even give your customers access to password-protected compliance reports.
When it comes to staying CCPA compliant, RiskQ has you covered.