Qostodian Data Security Platform
PRODUCTS
Ready to eliminate your blindspots?
By Coverage
By Industry
Discover the power of Qostodian!
Latest news posts
Interested in working for Qohash?
Sep 20, 2023
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are considered the most comprehensive consumer data privacy laws in the U.S., and a benchmark for other states.
CCPA was enacted to enhance privacy rights of California residents by setting guidelines on how businesses should handle private consumer information. CPRA, also known as CCPA 2.0, builds on CCPA’s foundation and enhances consumer privacy protections, as well as the obligations for companies and organizations that process personal information.
CCPA has been fully enforceable since July 2020. Businesses have until January 1, 2023 to become CPRA compliant.
CPRA’s amendments to CCPA apply to any for-profit business that collects personal information on California-based consumers and meets any of the below criteria:
Note: Businesses need not have operations or employees in CA in order to be subject to CPRA.
CCPA does not apply to nonprofit orgs or government agencies. Other exemptions include:
For purposes of CCPA, a California resident is defined as an individual who uses California residency for income tax purposes. CCPA does not protect consumers who are temporarily in the state of California.
The CCPA defines “personal information” as information that identifies, relates to, describes, is reasonably capable of being associated with a particular consumer or household. This includes: name, address, birthday, biometric data, social security number, telephone number, email address, and any other information linkable to a specific individual.
Sensitive Personal Information is a subset of personal information newly defined in the CPRA. SPI is personal information that reveals:
The CCPA offers two exemptions:
Neither the CCPA and CPRA extend to data already protected by other laws, such as:
The CCPA creates six specific rights for consumers:
The CPRA creates three additional rights:
The CPRA creates and transfers all rulemaking and enforcement authority from the California attorney general to the new state agency, the California Privacy Protection Agency.
The CPRA tightens enforcement, removing the mandatory 30-day cure period that businesses currently enjoy under the CCPA and tripling penalties for violations that involve minors under the age of 16. The law also expands the types of data breaches that are considered within the scope of the data breach private right of action to include breaches of a username or email address, in combination with a password or security question and answer that would permit access to an online account.
Penalties include:
Monitor sensitive data risk around the clock and receive alerts the instant risky accumulation, deletion or exfiltration occurs. If an incident occurs, use keyword search to look up a specific data element and track the full data lineage, including the exact location where the data got out of an environment, where it ended up – every touch point in between.
Qohash provides a complete inventory of sensitive, unstructured data at-rest. Qohash discovers sensitive data 50x faster than alternatives, across any data source, in any location. Qohash provides labeling, classification, custom RegEx and keyword searches, plus ranked and contextualized risk.
Run keyword searches by name, date, credit card number and more to find all copies of sensitive data across business systems. See which categories of sensitive data are stored on business systems. See how specific data elements moved across employees and locations. Delete data directly within the platform to show compliance with data deletion requests in any location – including endpoints.
A foundational step in conducting a risk assessment, Qohash provides an inventory of regulated data across every data source. It provides access control lists for evaluation as to whether those with access have a legitimate business need for it. Gain insight into all sensitive data critical exposure points. See how much sensitive data is on business systems and who has access to it. Put policies in place, configure risk levels appropriate to the business, and receive notifications the instant policy violations occur.
Qohash provides auditors with evidence that sensitive data is monitored and cross-referenced to employee interactions, enabling in-the-moment policy enforcement. Qohash looks into files to track data elements. It monitors those elements and cross-references them to employees and locations. Know the instant an employee has a risky interaction with sensitive data. Trace the lineage of any data element that moves onto workstations, for faster remediation.
Quickly create an access control list of all regulated data. Provide evidence of restrictions and show regular evaluation of whether those with access have a legitimate business need for it.
Latest posts