California Consumer Privacy Act (CCPA) Compliance Services

Are you facing (or unsure if you are facing) compliance with the CCPA? Unsure what exactly constitutes Personal Information (PI), whether consent needs to be explicit, how exhaustive the “right to forget” is, and whether the Privacy Policy that you have posted on your site is an invitation to sue you? If you are looking for answers to your burning CCPA compliance questions, you have landed in the right place.

Whether you need some initial guidance or a team of experts to jump in and run your privacy initiative, we are here to help! With Pivot Point Security as your trusted partner, achieving and maintaining CCPA compliance is a guaranteed reality. Our customers can demonstrate CCPA compliance to California regulators and are uniquely positioned to adapt to future privacy regulations with little additional effort or cost.

Does CCPA Directly Apply to You?

Your business must meet one of the following criteria for the CCPA to directly apply to you:

Your business must generate annual gross revenue more than $25 million,
Your business must receive or share the personal information of more than 50,000 California residents annually, or
Your business must derive at least 50% of its annual revenue by selling the personal information of California residents.

Unfortunately, even if your business doesn’t meet any of these criteria, it is likely still worthwhile—if not essential—for you to comply with the CCPA. Ummm… What?!?!?!?

Privacy Regulations are here, and they are only growing in scope and impact

Dozens of countries and US states are working on similar regulations to the CCPA that will go into effect over the next few years. Europe’s GDPR is already in effect with Brazil (LGPD) and Mexico (FDPL) not far behind.

Even if regulators don’t immediately expect compliance, your clients, suppliers and even employees increasingly will, as privacy controls quickly become “the new normal.”

If you are not facing compliance with a privacy regulation or customer mandate today, you undoubtedly will in the future. A few changes now can make a world of difference when these dual pressures start to intensify.

Why Choose PPS for CCPA Compliance Services?

✔ Privacy and security are inextricably linked – Our security expertise gives you an edge to manage privacy and security holistically.

✔ You gain ISO 27701 & ISO 27018 expertise – This allows you to integrate privacy into an ISO 27001 Information Security Management System (ISMS).

✔ Privacy Principle expertise – We have experience integrating privacy into SOC 2 attestations.

✔ TPRM expertise – You can’t comply with privacy guidelines without managing your third-party risk relating to PII, and we have you covered.

✔ NPS – Our clients are raving fans (ask us for references… PLEASE!)

✔Our services include the use of OneTrust, the leading SaaS Privacy platform, allowing us to leverage automation to get you to compliance faster.

✔ We use only full-time employees (not 1099 consultants/contractors), which allows us to control the quality of work you receive and keep a flexible schedule that works for you.

We practice what we preach. We are ISO 27001 certified, CREST accredited, CCPA conforming, heavily individually certified, and our staff is fully security awareness trained. We became “provably secure” so our clients and key stakeholders can rest assured we are serious about security and compliance—and we can help you get there, too.

How our CCPA Compliance Services work`

✔Scope – Data Mapping exercise to understand the PI you capture, the processes that act on it, the assets that support those processes (systems/personnel/vendors), the data transfers involved, etc.

✔ Risk – Privacy Impact Assessment to understand your inherent PI risk.

✔ Gap – Privacy Gap Assessment to understand the maturity of key information security controls, and then leverage that information to quantify residual risk.

✔ Treatment – Develop risk and gap treatment plans that will feed into your privacy strategic roadmap.

✔ Vision – Establish an over-arching vision for privacy and a roadmap to achieve and maintain it.

What you can expect

If you decide to partner with Pivot Point Security for CCPA Compliance Services, you can expect to:

✔ Attain and maintain CCPA compliance and the ability to prove it.

✔Have a strategic roadmap to achieve both short- and long-term privacy goals.

✔ Have confidence in your privacy standing.

✔ Gain a competitive advantage to win more business.

✔ Have some laughs, hear some “The Office” references, and get quality, actionable advice from experts who live at the juncture of privacy and security every day.

If you decide to go another direction, we wish you nothing but success! But if you find yourself lost on a winding road, unsure where to turn and in need of a guide… you know where to find us.

California Consumer Privacy Act (CCPA) FAQs

What is CCPA?

The most comprehensive US privacy law, the California Consumer Privacy Act (CCPA) is legislation intended to specify and strengthen privacy rights and consumer protection for California residents.

Do I have to comply with CCPA?

An organization must comply with the California Consumer Privacy Act (CCPA) if it is a for-profit entity that collects the personal information (PI) of California residents and meets one or more of these criteria:

✔The business annually buys, receives, sells, or shares the PI of 50.000 or more consumers, households, or devices.

✔ The business has an annual gross revenue of over $25 million.

✔ The business derives 50% or more of its annual revenue from selling consumer’s PI.

Alternatively, you may need to comply via contractual obligation if you process PI on behalf of an organization that is CCPA compliant.

When does CCPA go into effect?

The California Consumer Privacy Act (CCPA) became law on June 28, 2018 and goes into effect on January 1, 2020.