Documente Academic
Documente Profesional
Documente Cultură
BREACH
The
Overview of CCPA
Data Inventory
Conclusion
OVERVIEW OF CCPA
DISCOVERY MITIGATION
Determine whether your Alter your privacy and security programs to
organization must be compliant comply
● Your company doesn’t need to be located in California for CCPA to apply to you. In fact, the
International Association for Privacy Professionals (IAPP) estimates that more than half a million
US companies with be directly affected
● Any for-profit entity that does business with California residents has requirements under the law
if it meets any of the following:
○ Your business’ annual revenue is over $25 million
○ Your business receives information of over 50,000 consumers, households, or devices
annually
○ At least ½ of your business’ annual revenue comes from selling personal information
CCPA & PERSONAL DATA
Personal Information: “Any information that directly or indirectly identifies, relates to, describes
or can be associated with or reasonably linked to a California resident or household” and
explicitly includes:
● Name, contact info, government IDs, account numbers
● Biometrics, location data, audio data
● Employment and education history
● Purchase history, behavior, and tendencies
● Online and device IDs
● Search and browsing history and other online activities or from connected devices
● Inferences drawn from any personal info to create a consumer profile
Start
Finish
1. Identifying Business Teams - focus on the process which include the use of personal data
2. Identifying Data processing activities - calls and meetings with the teams to break out
individual tasks - data processing activities
3. Documenting Systems - Asset Inventory - Documents systems and security controls for
technical assets processing personal data
4. Identifying Vendors - Vendor Inventory - Documenting contract and business details for
vendors processing personal data
5. Completing Inventory Entries - Review of data inventory entries for processes, assets &
vendors
MEETING CCPA REQUIREMENTS
● Requires knowing what data your organization holds, the data flow, and internal use of data
Email: support@silentbreach.com
Web: https://silentbreach.com