Reliable CCPA Compliance

How better identity leads to better consumer privacy compliance

The California Consumer Privacy Act (CCPA) sets a much higher domestic privacy standard for companies that collect or share information about consumers living in California. The CCPA entitles consumers to:

  • access their personal information that the companies collect, sell, or disclose; and
  • request the deletion of that personal information.

These requirements expose companies to two novel risk vectors.

First, standard identity verification practices—or their absence—increase risk of divulging consumer data, a valuable commodity to criminals. Fraudsters likely will make CCPA requests in consumers’ names. Fulfillment of fraudulent CCPA requests constitutes a data breach, increases the possibility of brand and financial exposure from account takeover fraud, and compromises consumer trust.

Second, the confusion of merged and outdated records increases risk of non-compliance. Frequently, each consumer engagement channel in a company works as an independent group, led by a distinct team using siloed systems. Multiple internal databases may house fully or partially duplicative records about consumers. The CCPA mandates companies to apply consumer requests for deletion to all internal databases. It would violate the Act if a pertinent consumer record were to go overlooked in the fulfillment of a CCPA request.

Non-compliance invites fines as high as $7,500 per incident, costly lawsuits, and brand reputation risk.

Current business practices exacerbate CCPA compliance risk.

Brands need an understanding of each requestor’s identity that is authoritative and consolidated. A stable and persistent view of consumers ensures that the requestor is actually who they claim to be. For that degree of assurance, compare submitted personal information against device-based observations and external offline identity data. Linking all of a consumer’s datapoints scattered across multiple databases generates the single definitive record necessary for fulfilling CCPA requests.

Read this whitepaper to discover how:

  • Widespread business practices fail CCPA requirements
  • Standard identity verification invites data breaches
  • Current practices of managing consumer data don’t support CCPA compliance
  • Effective CCPA compliance hinges on consumer identity
  • Referencing a single, reliable source of truth for consumer data makes compliance more straightforward and certain
Related Resources