CALIFORNIA CONSUMER PRIVACY ACT
Effective January 1st, 2020, the California Consumer Privacy Act (CCPA) has changed the data privacy and protection landscape in the United States.
PCG has been providing data privacy and protection services for over 20 years and brings a wealth of experience and insights to the table.
WHAT IS THE CALIFORNIA CONSUMER PRIVACY ACT?
CONSULTING • EXPERTISE • SOLUTIONS • COMPLIANCE
High-profile data breaches and the practice of corporations selling personal data precipitated a vocal negative reaction from consumers, making clear the importance that consumers place on their personal information. In response, the CCPA establishes data privacy rights that give California consumers control over the use of their personal information and levies regulatory and civil fines on companies that fail to appropriately protect that information or violate consumers’ privacy rights. The CCPA defines personal information broadly, ranging from personal attributes such as names, email addresses, and social security numbers to very specific items such as biometric and genetic data.
Beginning January 1st, 2020, companies will be required to respect California consumers’ privacy rights and ensure their data is protected. Attention should be given to practices like mapping the flow of data and streamlining data-reliant processes within a company. Companies will also need to focus on enhancing internal security practices and transparency, and on implementing tools like privacy impact assessments and other industry-leading practices. Taking a holistic, risk-based approach to satisfying the requirements of CCPA and establishing leading practices around data protection and privacy readies companies for current and future regulations. PCG’s structured approach to CCPA compliance helps to untangle the knot of data privacy and protection and manage companies’ remediation projects.
HOW CAN PROJECT CONSULTING GROUP HELP?
© Project Consulting Group // All rights reserved
PCG’s services help companies assess, plan for, and improve their data privacy and protection programs and achieve CCPA compliance. PCG’s component centered strategy along with extensive regulatory experience uniquely positions us to benefit companies of any size and complexity. Our service offerings range from assessments and analysis to full program support and implementation. We offer solution-based, project-based, deliverable-based, outsourced, and tailored service offerings.
The unique PCG service model not only provides our clients with specific domain expertise, but also value-added benefits such as extensive program and project management experience, thought leadership mindsets, technology-agnostic viewpoints, Pareto principle (80/20) approaches, risk-based prioritization concepts, ROI consideration, uncompromising transparency, cross-industry perspectives, research (Gartner) alliances, and 20 years of driving organizational change.
We've packaged some of the more common service offerings below, although PCG will provide a tailored service offering to meet your specific business needs if required. These tailored offerings may cover one or more of the individual CCPA components. If you have a need related to CCPA, we have you covered.
Coach the organization and the employees who carry out personal information processing on their GDPR obligations.
Track compliance gaps and manage associated risks. Prioritize remediation activities including awareness campaigns, training, and implementations.
Provide advice where requested regarding data protection impact assessments and monitor performance.
Act as the point of contact for the supervisory authority as needed.
510 N 1st Ave
Minneapolis, MN 55403
800-731-7153
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
The global threat environment has intensified, resulting in business continuity, disaster recovery, crisis management, and emergency response becoming an area of focus for boards of directors, executive leaders, clients, customers, and regulators. This increased focus has resulted in greater maturity and heightened expectations around response, recovery, and communication capabilities.
Business continuity management identifies these potential threats and impacts to your business, creates the organizational resilience and recovery capabilities for an appropriate level of response, and safeguards the interests of your customers, employees, reputation, and value. Potential threats include items such as natural disasters, technological failures, data breaches, human error, fire, terrorism, lawsuits, misconduct, acts of violence, labor action, or drop in share price.
There are multiple components encompassing a robust business continuity program, in addition to several ancillary items such as event/incident management, disaster recovery, crisis management, and emergency response. The terminology used within industries, by regulations, and across vendors is inconsistent at best, so we recommend focusing on the components rather than debating the nomenclature. Below are the components.
Contact us today to receive your complimentary discovery session
YOUR COMPLIMENTARY DISCOVERY SESSION INCLUDES:
Dedicated time with a PCG CCPA Expert
A review of your CCPA current-state and desired future-state
A roadmap outlining your goals and strategies
Call Now: 800-731-7153
EXPERTISE • CONSULTING SERVICES • SOLUTIONS
CEO of a Global Manufacturing Company
PCG has done an excellent job at leading our multi-year project.
Manager at a Government Agency
PCG is very professional and has a broad range of abilities. They took great care to identify the help needed.
PCG did a tremendous job with our project. They built a strong rapport with the business owners, which helped create trust and confidence.
Manager at a Multinational Bank and Financial Services Company
- VP of an International Agricultural and Food Company
I wanted to reach out to PCG and say thank you for a job well done!
VP of Fortune 500 Bank
I can’t express how much I appreciate the leadership and guidance PCG provided to our program.
PCG was excellent in defining and implementing the framework that has helped provide significantly improved governance and transparency.
Director of Mid-Market National Retailer
Manager at a Fortune 500 Financial Services Company
I want to make sure to recognize the great work PCG did on the project, you have certainly surpassed my expectations.
Director at a National Insurance Corporation
You have no idea how nice it is to hand off something like this to someone you know will stay on top of it and communicate progress. Great job.
PCG has been a great partner to us and if we need consulting help, we reach out. Thanks!
National Health Insurance Company
Accountability
The establishment of clear Data Protection & Privacy leadership within an organization; a Data Protection Officer or others that create and pursue a data protection & privacy roadmap, and proactively articulate the organization’s stature regarding data protection & privacy. An effective governance framework helps organizations prepare for the developing patchwork of regulations and oversee the integrity, availability and security of their data.
Data & Process Management
Policies establish principles such as stewardship, master data and metadata practices, protection standards, and quality controls throughout a data element’s lifecycle. Data and process inventories help manage what information is being accessed, and where and with whom it resides. In combination, effective policies and inventories help companies meet compliance standards and maintain a holistic view of their data landscape.
Third Party Management
Relationships with any third parties that process data on your company’s behalf should be governed by contracts that require them to maintain appropriate technical & organizational measures for protecting and ensuring the privacy of that data. Additionally, companies should employ a risk-based, prioritized approach to audit their third parties on an ongoing basis to ensure they are meeting the data protection & privacy obligations required of them.
Data Transfers
Many regulations specify enhanced security measures for international data transfers, but it is our view that companies should apply a similarly high level of care in the form of technical and organizational measures to domestic transfers and third-party transfers as well. Common solutions include secure transfer tools, encryption, tokenization, data masking, minimization, pseudonymization, anonymization, and more.
Risk Management
Leading companies understand that following a data protection & privacy roadmap is really a series of ongoing exercises in Risk Management, with the completion of projects and tasks prioritized by the amount of risk they pose to the company if left unresolved. All information related risks should be managed accordingly to ensure the company’s data is adequately protected.
Security
Recognized security frameworks such as NIST, CIS/SANS 20 and ISO 27001 provide accredited assurance that companies have appropriate technical and organizational security measures for safeguarding their data and other IT related assets. Security Policies, Incident Response Plans, Acceptable Use Policies and more, work in concert to weave a security posture that incorporates leading practices to safeguard your organization.
Regulatory Engagement
Regulations and restrictions dictating what companies may do with data are spreading around the globe. Nearly every data category – from health information, to credit card data, to financial data, to personal information and more – is governed by compliance requirements. Companies must understand those requirements and how to interact with the different governing entities.
Data Subjects, Privacy Policy, Purpose
Regulations such as GDPR, CCPA, Gramm-Leach-Bliley and others restore the balance of power between companies and data subjects by establishing rights for data subjects. Despite nuanced differences from regulation to regulation, companies can implement leading practices such as transparent and detailed privacy policies, and easy-to-use mechanisms available for data subjects to interact with the company.
Data Breach Management
Data breach management plans provide a repeatable framework for assessing breach impact, remediating issues, and notifying impacted parties and regulatory bodies. Leading practices indicate that organizations should implement and test their plans to verify they are able to evaluate breach exposure, establish remediation plans and notify parties within 72 hours of identifying the breach.
Provide Top Talent
PCG employs subject matter experts and leaders across all areas of the CCPA.
Deliver Tailored Approaches
Every organization has unique challenges and demands that require flexible service offerings.
Drive Organizational Change
PCG solutions balance people, processes and tools to help drive change and stakeholder alignment.
IIBA Premier Sponsor
Fast 50 Company
PMI Corporate Partner
THIRD PARTY AUDIT SOLUTIONS
This service analyzes current practices and develops a right-fit, risk-based capability so that the client can validate that their vendors or third parties follow appropriate organizational and technical data protection & privacy measures. It’s commonly used by organizations with informal, burgeoning or maturing vendor management programs that lack data protection and privacy subject matter expertise.
Deliverable Based Services
If you desire an individual deliverable or a set of deliverables, PCG may provide template artifacts or hands-on support in drafting and implementing specific deliverables such as a privacy policy, information security policy, data breach plan (incident response plan), process inventories and more.
CAPABILITIES AND SOLUTIONS
GAP ANALYSIS
This service analyzes the current state of California Consumer Privacy Act components, alongside required or best practices, to identify gaps and actionable recommendations. We offer two versions of the gap analysis: an accelerated approach for scoping or reporting purposes, and a deep-dive approach for detailed planning on larger initiatives.
ASSESSMENTS AND AUDITS
MATURITY ASSESSMENT
This service assesses the current state of the California Consumer Privacy Act components and processes to determine the degree of maturity. The results of the assessment are mapped to a capability maturity model that also includes the findings, level designation, and roadmap to deliver upon stakeholder expectations.
CONTROL EVALUATION
This service evaluates the current state of California Consumer Privacy Act control effectiveness with the goal of measuring or improving upon the desired result. We offer two forms of this evaluation: an "assessment of controls" through qualitative evaluation or an "audit of controls" through quantitative and statistically relevant sampling.
REGULATORY OR CERTIFICATION
This service provides an assessment focused on specific regulatory requirements such as HIPAA, GDPR, and PCI, or certification mechanisms such as ISO 27001, NIST, and SANS20. This assessment helps identify non-conformities and is designed for companies needing to undergo an audit or certification process.
MANAGED SERVICES
DATA PROTECTION AND PRIVACY LEADERSHIP SERVICES
Retainer based access to a CCPA subject matter expert with cross-industry experience. This resource may partner with an organization’s data protection and privacy leadership or governance team to help prioritize work items, offer guidance on leading practices, and interpret regulatory requirements when applicable on a regular basis.
IMPLEMENTATION
This service provides an opportunity to outsource the implementation of solutions or remediation of CCPA compliance gaps. PCG’s team includes the required resources such as strategic advisors (senior practitioners), project oversight resources (program/project management), supporting team members (analysts, subject matter experts) and applicable third-party vendors.
MANAGEMENT CONSULTANTS
PCG employs program and project managers that will help drive your CCPA compliance project to completion. Our consultants bring a deep understanding of project management and years of experience leading projects. Their strategic and tactical knowledge allows them to seamlessly oversee the scope, schedule, budget, risk and quality.
STAFF AUGMENTATION
OPERATIONS
This service provides companies the ability to outsource operational components of CCPA compliance, with the goal of attaining higher or equal value at a lower overall support cost. Ancillary benefits include improving the core business focus, freeing up internal resources, and gaining access to world-class resources and capabilities.
CORE TEAM MEMBERS
PCG employs a staff of California Consumer Privacy Act architects, analysts, and subject matter experts that play a key role in overall project success. This service provides organizations an avenue to tap into these resources to help deliver the project. Our team members will facilitate the collaboration leading to solutions for your most complex challenges.
CCPA COMPONENTS
COMPONENT ASSESSMENT OR AUDIT
Focused assessments and audits around particular domain components such as data security (ISO 27001, Penetration Testing, Vulnerability Scanning).
OUTSOURCED THIRD PARTY AUDIT PROGRAM
This service provides companies an outsourced third-party audit function (vendor onboarding & a regular cadence) that emphasizes organizational and technical security control reviews to ensure continued CCPA compliance. This service is commonly used by organizations that utilize many vendors or those that do not have established third party management programs.