California Consumer Privacy Act (CCPA) Compliance Program

VeraSafe will guide you through a discovery exercise to build an inventory of the Personal Information (“PI”) that your business collects, stores, and shares with others. Apart from being the basis of your entire CCPA compliance project (and other privacy laws, such as the GDPR), mapping your personal data promotes organizational hygiene, helps illuminate problematic practices and security risks, and uncovers operational inefficiencies.

VeraSafe will review and revise your organization’s privacy policies, including client and employee facing privacy notices, or draft new privacy notices to comply with the CCPA.

Our experts will analyze each information system within the scope of your exposure to the CCPA and identify instances where changes need to be made to prepare to honor consumer rights requests such as those concerning the right to object to the sale of one’s information, the right to deletion, and the right to request information. Next, VeraSafe helps you mitigate all compliance gaps (from both a legal perspective and technical perspective) and design practical solutions to achieve compliance. VeraSafe will also review your websites and advise and assist you with the “Do not Sell My Information” requirement.

VeraSafe can lead the successful renegotiation of contractual terms with your vendors, as required by the CCPA, in order to avoid the provision of personal information to those vendors being classified as a sale of such information (from which Californian consumers may opt-out). Further, VeraSafe will ensure that those vendors are obliged to assist you in satisfying your own CCPA obligations, where relevant.

Our mature vendor management methodology includes an internal database of key contacts and tried-and-true procedures used to negotiate with common vendors. VeraSafe is your ideal partner when it comes to vendor compliance.

VeraSafe will help you to develop a rapid response plan for any potential incident, such as a data breach, that would allow California residents to exercise their private right of action (i.e., a lawsuit against your business for failure to comply with the CCPA). Infringements of the business’ duty to maintain reasonable security procedures and practices are subject to statutory penalties that range between USD$100 and USD$750 per incident (e.g., per record of breached data), additional actual damages, and injunctive relief.

VeraSafe can simulate a real-world cyber-attack on your business, which can unlock vulnerabilities in your applications, networks, devices, and staff, with the objective of identifying weaknesses before hackers do. Click here for more information regarding our penetration testing services.

VeraSafe provides a proprietary all-in-one privacy and security training program: PrivacyTrain. This integrated learning management system includes popular computer-based training content, which can be applied across your entire organization to reduce the risk of a devastating data breach caused by employee error. Detailed reporting helps you document and demonstrate compliance.