CCPA: New Requirements for
Customer Data Management
Embrace data privacy and transparency with
a flexible customer identity solution
learn about ciamBuild Privacy on an Identity Foundation
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will grant California resident’s rights over their online personal information. This is considered by many to be the first strong privacy regulation enacted within the United States. Despite its name, this regulation doesn’t just affect businesses located in California, it has broad implications for organizations worldwide.
To help you collect, manage and enforce consent, look no further than our customer identity and access management (CIAM) solution. We can help you deliver seamless, personalized experiences that are CCPA-compliant and position you to comply with future privacy regulations as well (or updates to existing ones) while building customer trust.
What CCPA Regulates
Businesses must provide two or more methods for consumers to submit requests for information. When requested, a business must disclose the categories and purpose of the data collected, as well as what information the business has sold and to whom.
A business is responsible for deleting personal information requested by a consumer as well as letting consumers know they can request that their personal information be deleted.
At or before the collection of personal consumer information, businesses must inform consumers about the categories of personal information to be collected and the purposes the information will be used.
Consumers can request to opt-out of the sale of their data, and businesses must provide a clear and conspicuous link on their home page, titled ‘Do Not Sell My Personal Information.’ A separate “right to opt-in” is required to sell information about minors.
Businesses aren’t allowed to discriminate against any consumers because they exercised any of their rights.
How We Help Solve CCPA
Compliance with Identity
Addresses Cal. Civ. Code Articles §§ 1798.100, 1798.110, 1798.115, 1798.105
Unified Customer Profiles and Stored Consent
Our CIAM solution consolidates the multiple silos of customer identity data that are often spread across a large organization. Beyond improving customer experiences across channels, this also makes enforcing individual consent much easier. We make creating new experiences and enhancing existing ones easier by allowing application owners to leverage a unified profile.
Addresses Cal. Civ. Code §§ 1798.140 (b), (o), 1798.120, 1798.135
Easy Consent Capture and Management
Simplifying consent capture and management through PingDirectory enables you to differentiate between specific attributes and circumstances in order to granularly enforce consent choices based on geographic, corporate, industry or other policies.
Addresses Cal. Civ. Code §§ 1798.100(d), 1798.110, 1798.115
Self-managed Customer Profiles
Our CIAM solution allows for intuitive profile management that can fulfill many of the basic requirements of CCPA. With pre-built user interfaces and APIs, customers can easily make edits to their profile data—including consents. With us, you can select which of your partners you want to share your data with as well as the type of data you want to share.
Addresses Cal. Civ. Code § 1798.150(a)(1)
Data Access Governance
PingAuthorize simplifies customer data access governance for businesses and provides a means to enforce compliance for current and future data privacy regulations. With fine-grained control, businesses can create policies that govern the flow of information granted to internal and external applications. No matter which user data applications request from user stores or APIs, we ensure that only compliant data is returned.
Addresses Cal. Civ. Code §§ 1798.150
Secure Customer Data
CCPA doesn’t dictate specific technical requirements for how to store customer data, but it does establish a right of action for data breaches that result from a businesses’ failure to implement and maintain reasonable security practices. Our CIAM solution provides centralized security which encrypts data at rest, in motion and in use. It also mitigates insider attacks, protects log files, enforces secure access to data and integrates with third-party monitoring tools. Multi-factor authentication helps you confirm the identity of your users, quickly increases security and protects data without sacrificing the experience of your customers, employees and partners
CCPA is not GDPR
Preparing for GDPR covers a large portion of CCPA requirements, but CCPA requirements go beyond those of GDPR in some areas. Businesses must consult both regulations to ensure that their data access governance and access processes comply.
Learn more about these primary Ping products that can put you on the right path to CCPA compliance.
Start Today
See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.
Request a free demo
Thank you! Keep an eye on your inbox. We’ll be in touch soon.