CCPA Compliance

SecuPi has built a platform that enables organizations to easily implement the technical tooling for meeting the California Consumer Privacy Act (CCPA) requirements across business applications. The SecuPi platform provides discovery, monitoring and controls for achieving the CCPA compliance, which is deployed with no code changes and within days, dramatically reducing the cost and time that would be otherwise needed for achieving compliance across hundreds of applications.

Capabilities

Comprehensive Audit
Full audit logs to cover all personal data processing and data access activities for ‘Right of Access’
Pseudonymization
SecuPi’s real-time redaction capabilities enable quick and simple data minimization and pseudonymization for users and processes
Consent Processing Controls
Using Dynamic Data Masking and redaction, SecuPi can disable access to data subjects where consent wasn’t given, or where the customer requested to opt-out.
Deletion/Erasure
SecuPi provides both logical and physical deletion & anonymzation for the ‘Right to be Forgotten’ requirement
Data Protection
SecuPi protects data using enhanced visibility into any sensitive data flow and access and various masking and deletion methods.
Breach Notification
Quickly know who accessed which data to comply with the personal data breach notification requirement

CCPA Coverage by Article

Article # | Article Name
1
Right to Access

Organizations subject to the CCPA must honor consumers’ requests regarding the right to access their personal information.

How can SecuPi help?

SecuPi’s audit logs are clear and factual and can show which processor accessed which data, as well as providing full transcript of the processing activities done through the application. Since the SecuPi agent is deployed on the application server, it has access to all relevant information, including which user was used to process the information, timestamp, URI, etc. SecuPi enables to map data-flows and provides the ability to granularly audit and control it to maintain access on a “need to know basis” and use data in line with its purpose.

2
Right to Delete

Organizations are obligated to delete consumers’ request regarding the right to delete their personal information.

How can SecuPi help?

On the application level, SecuPi redacts information of consumers who requested to be forgotten (referred to as “Soft Deletion” or “logical deletion” ) in cases where data cannot be deleted (such as in big data environments, or during retention period). On the database level, SecuPi can apply physical deletion to fully delete personal consumer information.

3
Right to Opt Out

The consumer has the option to opt out of the sale of their personal information (1798.135 (a)(1)).

How can SecuPi help?

Using Dynamic Masking and redaction, SecuPi can enforce consumer requests to opt-out and disable access to data subjects where consent wasn’t given or where the consumer requested to restrict processing of personal data.

 

4
Children’s Information

Children under 16 do not have to opt-out in order to protect the sale of their personal information. It is not sellable unless expressly authorized otherwise (art. 1798.120(d)).

How can SecuPi help?

SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing consumer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

5
Privacy Policies

CCPA requires organizations to disclose the categories of personal information collected and the purpose regarding their collection and later usage.

How can SecuPi help?

Combining data discovery & classification and user activity monitoring, SecuPi enables the organization to map personal consumer data, classify it based on categories, and audit how this data was used. This dramatically simplifies the process of disclosing data based on categories and link them to the purpose of usage.

Article 1 - Right to Access

Organizations subject to the CCPA must honor consumers’ requests regarding the right to access their personal information.

How can SecuPi help?

SecuPi’s audit logs are clear and factual and can show which processor accessed which data, as well as providing full transcript of the processing activities done through the application. Since the SecuPi agent is deployed on the application server, it has access to all relevant information, including which user was used to process the information, timestamp, URI, etc. SecuPi enables to map data-flows and provides the ability to granularly audit and control it to maintain access on a “need to know basis” and use data in line with its purpose.

Article 2 - Right to Delete

Organizations are obligated to delete consumers’ request regarding the right to delete their personal information.

How can SecuPi help?

On the application level, SecuPi redacts information of consumers who requested to be forgotten (referred to as “Soft Deletion” or “logical deletion” ) in cases where data cannot be deleted (such as in big data environments, or during retention period). On the database level, SecuPi can apply physical deletion to fully delete personal consumer information.

Article 3 - Right to Opt Out

The consumer has the option to opt out of the sale of their personal information (1798.135 (a)(1)).

How can SecuPi help?

Using Dynamic Masking and redaction, SecuPi can enforce consumer requests to opt-out and disable access to data subjects where consent wasn’t given or where the consumer requested to restrict processing of personal data.

 

Article 4 - Children’s Information

Children under 16 do not have to opt-out in order to protect the sale of their personal information. It is not sellable unless expressly authorized otherwise (art. 1798.120(d)).

How can SecuPi help?

SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing consumer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 5 - Privacy Policies

CCPA requires organizations to disclose the categories of personal information collected and the purpose regarding their collection and later usage.

How can SecuPi help?

Combining data discovery & classification and user activity monitoring, SecuPi enables the organization to map personal consumer data, classify it based on categories, and audit how this data was used. This dramatically simplifies the process of disclosing data based on categories and link them to the purpose of usage.

Want to see our product in action? Join us for a Demo!
Apply for this Job

Or send your resume at text@secupi.com
Thank for you applying
We will be in touch shortly.