Financial Crime World

California Gives Consumers More Power Over Personal Data

In an effort to give Californians greater control over their personal information, the state has introduced new laws that grant consumers certain rights when it comes to how companies process and use their data.

Consumer Rights Under CCPA

The California Consumer Privacy Act (CCPA) gives consumers the right to:

  • Know What’s Being Collected: Know what personal information a business collects, uses, shares, and sells.
  • Delete Your Data: Delete personal information on file with a covered company.
  • Opt-Out of Sales: Opt-out of the sale of personal information.
  • Non-Discrimination: Receive non-discriminatory pricing or services when exercising CCPA rights.
  • Correct Inaccurate Information: Correct inaccurate personal information held by a business.
  • Limit Sensitive Data Use: Limit the use and disclosure of sensitive personal information collected about them.

Eligible Businesses

The CCPA applies to for-profit businesses that do business in California and meet at least one of the following thresholds:

  • Generate annual gross revenues exceeding $25 million
  • Buy, sell, or share the personal information of 50,000 or more California consumers or households annually (raised to 100,000 by the CPRA amendments effective January 1, 2023)
  • Earn 50% or more of their annual revenue from selling or sharing California residents’ personal information

International Comparison: GDPR

The General Data Protection Regulation (GDPR) in the European Union is considered one of the strongest data protection laws globally. The regulation provides individuals with greater rights and protections regarding their personal data, including:

  • Right to Be Forgotten: The right to have personal data erased.
  • Right to Access: The right to access personal information.

Financial Regulations: Compliance Requirements

In addition to the CCPA, financial institutions are subject to regulations aimed at ensuring the security and confidentiality of customer data. The specific regime depends on the data involved (PCI DSS for cardholder data, for example), but the controls they require overlap heavily. They include:

  • Encryption: Protect cardholder data and personally identifiable information with encryption, both in transit and at rest.
  • Firewalls and Web Gateways: Install and maintain firewalls that restrict access to payment systems and deny any traffic that is not explicitly allowed.
  • Intrusion Detection: Use intrusion detection systems (IDS) to detect, and intrusion prevention systems (IPS) to block, attacks on the network.
  • Logging and Data Collection: Log all security-relevant events, retain the logs, and review them on a defined schedule against written criteria for what counts as a potential threat.
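The encryption and logging items interact in a way that trips up many payment environments: cardholder data that is encrypted in the database routinely leaks into plaintext application logs, which then fall into scope themselves. The following is an added example, not code from the original article or from any named regulation, showing a log scrubber that finds candidate primary account numbers (PANs) in log lines, confirms them with the Luhn check so that order IDs and trace IDs are not mangled, and masks them to the first six and last four digits before the line is retained. The log lines, field names, and the test card numbers are constructed for the example.

```python
import re
from typing import List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run. (Regex is an assumption for this example.)
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812).

    Every second digit from the right is doubled, digits above 9 have 9
    subtracted, and the total must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN to its first six and last four digits (the common display form)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str) -> Tuple[str, int]:
    """Mask every Luhn-valid PAN in one log line; return (scrubbed line, count)."""
    count = 0

    def repl(match: "re.Match[str]") -> str:
        nonlocal count
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        # Only treat the run as a PAN if the checksum holds; other long
        # numbers (session IDs, trace IDs) are left untouched.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            count += 1
            return mask_pan(digits)
        return raw

    return PAN_RE.sub(repl, line), count


def scrub_log(lines: List[str]) -> Tuple[List[str], int]:
    """Scrub a batch of lines; the count doubles as an alert signal for log review."""
    scrubbed: List[str] = []
    total = 0
    for line in lines:
        out, n = scrub_line(line)
        scrubbed.append(out)
        total += n
    return scrubbed, total


# Constructed sample log lines. 4111111111111111 and 5500 0000 0000 0004 are
# industry test card numbers; the session and trace values are Luhn-invalid.
SAMPLE_LOG = [
    "2024-03-01T10:15:22Z INFO checkout ok order=88213 pan=4111111111111111 amount=42.00",
    "2024-03-01T10:15:23Z ERROR gateway timeout card=5500 0000 0000 0004 retry=1",
    "2024-03-01T10:15:24Z INFO session id=1234567890123 user=alice",
    "2024-03-01T10:15:25Z DEBUG trace=9876543210987654321 ignore",
]


if __name__ == "__main__":
    lines, found = scrub_log(SAMPLE_LOG)
    for line in lines:
        print(line)
    print(f"{found} PAN(s) masked; investigate the code path that logged them")
```

A non-zero count from `scrub_log` is itself a finding worth reviewing: masking keeps the stored log out of scope, but the application that wrote the PAN in the first place still needs fixing.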

Vendor Management

Financial institutions that engage third-party vendors to provide products and services are required to conduct due diligence on those vendors before onboarding to confirm they meet the institution’s security standards, and to keep monitoring the relationship afterwards, since a weakness in a vendor’s controls becomes the institution’s exposure.

Centralizing Compliance Management

In today’s complex regulatory environment, financial institutions must have a centralized approach to compliance management. This can be achieved by enlisting the services of third-party security operations experts or by implementing a security operations platform that enables companies to anticipate and respond to threats while complying with regulations.

Enhance Security at Your Organization

For more information on how to enhance security at your organization, download our comprehensive Financial Industry Cybersecurity Checklist.