The Whistic Guide to the CCPA

December 05, 2019

Even though today’s security professionals are prepared for new compliance regulations being introduced on a regular basis, sometimes acts are passed that shake up the InfoSec community and require a little extra attention. The California Consumer Privacy Act (CCPA) is one of these laws.

Once the CCPA goes into effect on Jan. 1, 2020, any organization doing business in the state of California or collecting consumer information on any one of the nearly 40 million residents in the state will be legally required to disclose what data is being gathered and how this data is being used. It also outlines stricter regulations for third-party consumer data handling and gives consumers more control over their personal information.

The CCPA is groundbreaking on many levels, but one of the biggest factors is the prioritization of transparency between consumers and the brands that are collecting consumer data. At any moment, a consumer can request to see exactly what information a brand has collected and which other organizations it has shared or sold this data to, and can request to be removed from any database.

This means that data and InfoSec teams must have workflows in place that make it easy to find, edit, and protect individual consumer records at a moment’s notice. This is all on top of maintaining data compliance and security. So the challenge for security teams is increasing flexibility and access without compromising data security.

How Whistic can help your team prepare for the CCPA

As your team prepares for the CCPA to take effect, one of the first steps you should take is a thorough internal security audit. Ensuring that your team is collecting consumer data in the right way, storing and analyzing this data in a safe way, and sharing this data with third-party vendors and partners without unnecessary risks will give your team a solid foundation for dealing with consumer CCPA requests.

The Whistic security assessment platform was built specifically for vendor security management workflows, making it the perfect tool for conducting baseline security audits to prepare for the CCPA. Additionally, the Whistic Security Profile gives InfoSec teams easy access to all of their critical security profile data, making transparency and flexibility a breeze without ever sacrificing security or compliance. The Whistic platform is a great fit for any data security team looking for a safe and secure way to prepare for the CCPA without having to redraw processes and workflows from the ground up.

One of the biggest takeaways from the passing of the CCPA is that the future of InfoSec will be increasingly focused on the transparency between consumers and the brands they do business with. On the state and federal level, more regulations are sure to follow in the CCPA’s footsteps. If your team hasn’t already started preparing for the CCPA and the future, the time is now.

For even more insights into the CCPA, download our newest guide, Everything You Need to Know About the California Consumer Privacy Act.
