Additional Modifications to the CCPA
Since CCPA came into effect the California Attorney General, Xavier Becerra, has issued additional guidance to help explain and clarify certain parts of the law.
Privacy By Design
Privacy By Design is a key concept in the study of modern data privacy. It’s incorporated into the text of the GDPR as a core principle, and its influence is considerable across a number of data privacy laws worldwide.
Data Subject Rights
Individual data rights are at the core of all the major pieces of data privacy legislation. They are a bundle of rights aimed at letting individuals exert control over the way that their data is collected, stored, and processed by other parties. Each data right below is substantive enough to consider independently, but seeing the list together provides a useful overview.
The CCPA’s “Do Not Sell My Personal Information” Provision
The state of California has come up with a unique solution to deal with data privacy concerns of its citizens by including a “Do Not Sell My Personal Information” provision in the CCPA. This lets consumers deny or withdraw consent to businesses who might otherwise use their data for profit or research purposes
Data Lifecycle Phases
In Ethyca, a Data Lifecycle Phase (DLP) is a value or set of values assigned to a particular data use case in the Ethyca application. The phases associated with a use case influence how Ethyca displays the use case on your data map.
Consent Processing
“Consent” is a fundamental part of processing user data. It has a special place at the heart of digital privacy theory. Given the importance of consent, it shouldn’t be surprising that there’s plenty of legal wrangling over how it’s defined.
Data Minimization
Data Minimization is a privacy concept that’s written into GDPR and is a best-practice for privacy-conscious businesses worldwide. It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.
Data Privacy vs. Data Security
“Data Privacy” and “Data Security” are two terms that can sometimes be used interchangeably, especially by those who aren’t in the field of data protection. However, in this particular sector, they mean two very different things. Understanding the relationship between them is essential for grasping the complexity of regulatory compliance.
Private Right of Action
The Private Right of Action in CCPA can be defined as a right that allows individuals to sue organizations for data violations even in the case of a third-party breach. It is a highly debated topic in privacy law that is handled differently across the globe. The Private Right of Action is the ultimate enforcer of an organization’s commitment to keeping individual data safe, but with such a strong check comes risk.
Data Breach Notifications
A data breach when information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways, and the GDPR and the CCPA outline specific protocols that businesses must follow in the event that it occurs.