RiskQ’s CCPA compliance solution will work for you

Save your team from weeks of research and thousands of dollars in consulting fees with RiskQ’s CCPA compliance solution. Respond to inquiries and demonstrate compliance with RiskQ’s automated CCPA reports.

California Consumer Privacy Act: are you in the scope?

First things first: who does the CCPA affect? Any for-profit business needs to comply with the CCPA if it meets any of the following criteria:

● More than $25 million in annual gross revenues
● Buys, receives for a commercial purpose, sells, or shares the personal information of 50,000 or more consumers, households, or devices per annum
● Derives 50 percent or more of its annual revenues from selling consumers’ personal information

What puts your business in the scope of CCPA?

The CCPA outlines many categories of personal information. The categories are quite broad and include the following:

● Identifiers, e.g., name, address, etc.
● Customer records information, e.g., medical information, policy numbers, social security number, etc.
● Biometric information, e.g., face, fingerprint, etc.
● Characteristics, e.g., gender, race, etc.
● Online activity, e.g., internet activity, etc.
● Geolocation
● Inferences, e.g., behavioral indicators that build up a profile of a person

What are the fines for not complying with the CCPA?

Not complying with the CCPA and losing client records can lead to heavy fines. They range from $2500 up to $7500 for each record lost unintentionally or intentionally.

The size of your business carries no weight when it comes to fines. Also, business owners should remember that a customer can sue the company for losing personal information.

What are the consumer rights when it comes to CCPA?

The rights of the consumer relate to the use of personal information for business purposes. The following rights are stated in the California Consumer Privacy Act, and any organization in the scope of the CCPA has to act accordingly:

The consumer has the right to:

● Delete personal information
● Correct inaccurate personal information
● Know what personal information is being collected
● Access personal information
● Know what personal information is sold or shared and to whom
● Opt-out of sale or sharing of personal information
● Limit use and disclosure of sensitive personal information
● Not be retaliated against following opt-out or exercise of other rights

Should the business conduct security assessments?

Security and risk assessments are required, and they use a set of cybersecurity control tests. With RiskQ, you can choose from frameworks including, but not limited to, the following:

● NIST Cybersecurity Framework
● CIS Top 20 Framework
● ISO 27001 Framework
● PCI-DSS Framework

What about third-party contracts and supply chains?

The firm must consider its relationships as a service provider with larger organizations and reflect the situation vis-à-vis the CCPA in its business contracts to help govern relationships with customers. It is vital to identify third parties involved in data processing, for example, payment processing vendors. These relationships must be defined within contracts that capture the CCPA opt-out rules. Also needed are:

● A privacy policy posted on the firm's website that reflects the requirements of the CCPA
● CCPA compliance training to prevent the mishandling of personal information
● A risk assessment that demonstrates appropriate security measures in place, e.g., encryption, 2FA, etc.

Knowing your vendors' financial exposure is key. RiskQ shows you how much exposure each vendor has and identifies the gaps in their cybersecurity program.

Automated CCPA compliance check

With RiskQ’s CCPA compliance solution, you can save thousands of dollars and weeks of research. We connect to your systems and technologies on AWS and automatically identify which systems are in scope for CCPA, allowing us to quickly fix possible issues.

RiskQ will help you to get and remain CCPA compliant

RiskQ will help you to understand the CCPA requirements better. Our solution includes a step-by-step guide on how to get and remain CCPA compliant: this includes, for instance, 114 controls and 30 legal-vetted policy templates. There is no need to reinvent the wheel and spend more time and money than necessary: RiskQ will eliminate all the extra effort.

Automate evidence collection

RiskQ uses read-only integrations to connect with the business tools you already use to automate evidence collection. As CCPA requires you to be able to prove your security, RiskQ helps you to do so by connecting commonly used identity providers, cloud storage services, and version control systems to RiskQ.

Once they have been connected, RiskQ’s risk assessment tool immediately recognizes and prioritizes any discovered security gaps.

Continuous monitoring keeps you secure

You will be able to remain compliant and secure with RiskQ’s continuous security monitoring service. RiskQ runs hourly checks on your connected services to ensure they are set up securely. In addition, we continuously check for common security risks, like unencrypted storage, open ports, or lack of MFA. If we find threats or risk gaps, we will immediately alert your team.

Manage the CCPA policies

Included in our solution is RiskQ’s library of legal-vetted policy templates that allow you to quickly translate business practices into public-facing policies. RiskQ’s CCPA policy templates can also be used to establish clear procedures on Consumer Access Requests (CAR).

Prove your CCPA compliance with thorough reports

With RiskQ’s automated CCPA compliance reports, you will always know where your company stands. You can even give your customers access to password-protected compliance reports.

When it comes to staying CCPA compliant, RiskQ has you covered.