Security News

Through its strategic alliance, Appian and KPMG LLP formally announce a new offering that supports businesses impacted by the CCPA. Built on Appian's low-code automation platform, the offering helps companies quickly and intelligently respond to data privacy requests, while decreasing manual tasks that run the risk of errors. The State of California is one of the first to approve new privacy laws and under the CCPA, consumers have the right to view their personal data collected by a company, delete their data, and opt-out of the sale of their data.

Organizations who plan on manually processing CCPA data subject requests or data subject access requests will spend between $140k - $275k per million consumer records they have in their systems, according to DataGrail. B2C companies should prepare to process approximately 100 to 194 requests per million consumer records each year.

Killi, a consumer-led privacy application, in partnership with 0ptimus Analytics, a data science and technology company, announced the launch of its CCPA compliant audience taxonomy available now in LiveRamp and available for distribution to any global media buying platform. The Killi audience taxonomy is the first user-generated CCPA audiences derived directly from Killi users' opt-in information in which the consumer's participation provides them with a share of the revenue when purchased by a brand or platform.

The Neustar Identity Verification for CCPA and Neustar Identity Resolution for CCPA services enable organizations to fulfill CCPA requests with assurance of risk mitigation in terms of data breaches or fraud as well as non-compliance. While the act provides certain benefits and protections for consumers, it does introduce some risk: fraudsters may make CCPA requests in an effort to acquire sensitive personal information, and organizations with siloed consumer data may unwittingly find themselves out of compliance - and subject to fines - in cases of unmerged or outdated records.

The Shared Assessments Program issued "CCPA Privacy Guidelines & Checklists," the security and risk industry's first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act. "As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress."

Synthetic data is helping highly regulated companies safely use customer data to increase efficiencies or reduce operational costs, without falling under scope of stringent regulations. The GDPR does not expressly reference synthetic data, but it expressly says that it does not apply to anonymous information: according to UCL, "Information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable." Synthetic data is considered personal data which has been rendered anonymous and therefore falls outside the material scope of the GDPR. Essentially, these important global regulatory mandates do not apply to collection, storage and use of synthesized data.

Security Compass, a software security company that provides organizations with technology to balance secure software development with speed of software delivery, announced that it has added content to SD Elements that enables organizations operating in California to maintain or achieve compliance under the California Consumer Privacy Act. Security Compass customers have immediate access to new content within the SD Elements platform, which was built for automating balanced development.

It's important for security and IT professionals to understand how the California Consumer Privacy Act will affect how they do their jobs. Businesses that fail to comply with CCPA could face penalties of up to $7,500 per violation and individuals can seek damages through a class action.

California Attorney General Xavier Becerra recently issued modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy. The proposed regulations clarify, for example, that businesses are not obligated to search for personal information in response to a consumer's request if certain conditions are met, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.

GoodData, a leader in end-to-end analytics solutions, announced that its data analytics platform now provides immediate compliance with the new California Consumer Privacy Act, considered the most stringent consumer data privacy act in the United States. "We are in a new era of data privacy. Companies need to comply with new and tougher laws and better serve their customers by meeting new standards for data privacy," said GoodData CEO, Roman Stanek.