The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) ensures that consumers within California have control over the data which companies collect on them, control over the privacy of that data and the ability to require that organizations manage their data responsibility.
Vendors that provide compliance or privacy management technology simply facilitate workflow mechanisms that rely on connections to additional systems, to enact any policy put in place and greatly aggravate data leakage vulnerabilities. Ensighten's comprehensive solution enforces privacy preferences and requests in real time without the need to interact with any other supply chain technology, therefore eliminating the risk of data leakage. The solution is a unique combination of compliance and security.
Read our 15-minute guide to CCPA compliance and data loss prevention
Many solutions such as compliance workflow tools work on the premise of analyzing data and then acting upon it later – when a user makes a privacy request, then a further request is made to downstream providers to act upon – which can take time and passes data onto third parties without the users consent, creating various data leakage concerns.
Conversely, because Ensighten’s technology has the ability to control data access, enforcement is in real time. This results in a solution that not only provides compliance from the moment that a consent choice is made, but also ensures that data is not passed on without the user's consent, thus protecting against data leakage.
Many organizations generate revenue through avenues such as advertising, but this can be affected by the consent choices made by users. The CCPA/CPRA requires giving users the right to opt out of the sale of their information, with the opt-out offered via a prominent link on the website.
Advertisers offer options such as restricted data processing, but many do not, leaving most organizations to simply prevent the display of advertisements when certain consent choices have been made.
Ensighten’s solution provides the ability to mask specific types of data, such as email addresses, telephone numbers, IP addresses, social security numbers and more, preventing the transmission of personal data without needing to block advertising completely.
The risk of not enforcing consumer choice
Lack of compliance with the CCPA/CPRA could ultimately result in data leakage, fines and lawsuits, and the first cases are already beginning to hit the courts. With website data theft being at an all-time high, cybercriminals are looking to small and large businesses to exploit sensitive information through a variety of methods.
Even with this in mind, many organizations still opt to take a ‘wait-and-see' approach believing that they can remediate after an issue or that they will not be the focus of a lawsuit. Consider though, in Europe, we have seen that GDPR penalties have been significant and come down in favor of the consumer.
It is important to remember that when looking for a compliance solution, workflow solutions do not prevent data leakage – instead they aggravate the vulnerabilities associated with third-party website technologies.