Compliance

CCPA

About the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state law that went into effect on January 1, 2020. This law provides California residents (consumers) more control over their data and requires companies to be more transparent with what data they are collecting and how they are using that data.

What You Don't Know CAN Hurt You

Under the CCPA, penalties for non-compliance can include fines of up to $2,500 per violation, and not more than $7,500 for each intentional violation.[1] A business has 30 days to respond to a written notice of a violation claim, and is given the chance to remedy the violation before fines are imposed.

Does the CCPA Apply to My Business?

Generally, a consumer under the CCPA means a natural person who is a California resident. The rights afforded under the CCPA apply to all consumers in this context. Therefore, any business that collects and/or processes information of California residents, whether these residents are your customers, prospects, employees, or otherwise, may be subject to the CCPA. For more details about who the CCPA impacts, read this article.

What Rights do Consumers Have Under the CCPA?

The CCPA provides consumers with five new rights regarding their personal information:

  1. The right to request information on your business’ data collection, processing, and usage as it applies to them specifically. This includes what categories of information businesses have collected and if the information was disclosed or sold to third parties.

  2. The right to request a copy of any information businesses have collected about them during the previous 12 months.

  3. The right to have their information deleted (with some exceptions).

  4. The right to request that their information not be sold to third parties.

  5. The right to not be discriminated against because they have exercised any of these rights.

How does SmartVault support you in complying with CCPA?

As your trusted document management provider, SmartVault provides industry standard security measures such as encryption, authentication, access controls, and auditing to support your CCPA requirements.

By working within this rigid set of technical and process controls, we believe you can incorporate SmartVault into a CCPA compliant solution.

 

CCPA Requires / SmartVault Responds

Right to a Copy

CCPA requires: The right to request a copy of any information businesses have collected about them during the previous 12 months.

SmartVault responds: When you use SmartVault as your single repository for all documents in your business, you can quickly respond to requests for data access. Instead of combing through network drives, memory sticks, local PCs, emails, paper files, etc., easily and quickly provide access to secure vaults that contain client information upon request.

Right to be Forgotten

CCPA requires: The right to have their information deleted (with some exceptions).

SmartVault responds: Your files stored in SmartVault are easily searchable and, based on the user’s permission level in SmartVault, can be retrieved.

Full Document & Workflow Audit

CCPA requires: Under the CCPA, consumers have the right to request information on your data collection, processing, and usage procedures. Fully documenting how data is processed and transferred, and your reasons for doing so, will help you respond to these requests and ensure your procedures meet compliance requirements. Document who has access to the data at each stage of processing and transfer.

SmartVault responds: SmartVault is designed to allow access to documents via authenticated logins. In other words, documents stored in SmartVault are only accessible if you log into the service or share the documents with another individual who must log into the service.

SmartVault employs an Activity Log that you can use to review:

- Who has been granted permissions to access documents

- Who has accessed documents and what action was performed (uploaded, downloaded, deleted, or changed the properties of any document)

In Summary

The CCPA wants you to think about privacy and data protection from the beginning, not as a bolted-on afterthought. Documenting your workflows is the first step toward building privacy into your everyday business operations. Choose technology that supports streamlined, secure workflows for your business and create internal controls and processes to maintain the utmost security posture. This is commonly known as Privacy by Design, and includes:

  • Limit Data: Only collect what is necessary.
  • Limit Processing: Only process data for the purpose for which it was collected.
  • Limit Access: Only authorized individuals should be able to access data.
  • Impact Assessment: Conduct assessments for personal data that is high risk to individuals.
  • Keep Reviewing: Keep checking the confidentiality, availability & resilience of your systems.
  • Record Keeping: Note processing, data categories, erasure time, and storage locations.

Download the CCPA Play-by-Play Infographic for more resources to help you and your business get and stay compliant.

While we are not a CCPA compliance consulting firm, we are happy to assist you in getting pointed in the right direction. Feel free to contact us at security@smartvault.com for more insight.

We’ve updated our Privacy Policy, which describes in clear, concise language how we collect, use and disclose your personal information, and what rights you have with respect to the use of your information.

About SmartVault

SmartVault adds value to your health care workflow by giving you the ability to store all of your files securely online, access documents when you need them, and safely share files with the right people. It’s easy for you to use with features specifically designed for health care companies to automate workflow and meet compliance mandates. Learn more in our Security Overview.

 

Footnotes

  1. Does the CCPA Apply to Your Business?, by Joseph J. Lazzarotti, Jason C. Gavejian, Mary T. Costigan, and Maya Atrakchi, August 14, 2019