CCPA: the standard for data security and privacy in America
The introduction of the American CCPA normative at the beginning of 2022 marked an important turning point in user private data management in the service sector and now the companies that work on an international level with clients both in Europe and in the United States must be able to guarantee their respect for similar but also diverse regulations. FlashStart is the web filter that is completely cloud based that allows international companies and organizations to work in full respect of the CCPA and GDPR security standards.
1. Sensitive data and privacy:
Companies and service providers in any sector are ever more active when it comes to collecting the personal data of their clients and users who regularly offer their reserved data without having a firm idea of what the final use of which shall be.
1.1 The Cambridge Analytica scandal
In recent years one of the most known scandals regarding the incorrect use of personal data and/or the use of which was different from that which was understood is the Cambridge Analytica case, a British consultancy company that today is defunct but during the American 2016 election campaigns used its Facebook platform for collecting information regarding the political preferences of millions of its users with the objective of analysing their behaviour and proposing dedicated posts and publicity that, just as a recent article from the BBC stated, appear to have had determined effects on the American 2016 elections.
To close the case, Facebook – now Meta – have accepted to pay, in December 2022, a 725 million dollar fine and assumed responsibility to have shared, without asking for consent, the data of over 87 million users with the political consultancy company.
1.2 The request for greater protection
Don’t be surprised that, soon after the discovery of the Cambridge Analytica scandal, Mark Zuckerberg in April 2018 made a testimony at Capitol Hill, the legislators from the American Silicone Valley state began to lay down the terms of one of the laws that, more than any other, has revolutionised the way in which personal data from overseas clients or users is treated: the California Consumer Privacy Act, a similar law to the European GDPR that aims to protect the privacy and reservedness of information that is given by users.
>> FlashStart protects you from a vast gamma of threats and blocks the access to harmful sites ? Try it now
2. The CCPA security standard
The California Consumer Privacy Act (CCPA) was signed on the 28th of June 2018 and offers consumers much more control over their personal information that companies collect from them. The various regulations that it contains offers precise information on how to implement the law, in official effect since the 1st of January 2020 in the American state that houses some of the world’s biggest technological computer-based giants: from Meta to Google, from Apple to HP, From Oracle to Intel.
The CCPA has in fact guaranteed new rights on data reservedness for consumers in California, and in particular:
» The right to know which personal information a company collects from you, the use that it makes of it and any eventual sharing options with other entities.
» The right to request the elimination of personal information collected (with just some exceptions)
» The right to renounce the sale of such and to ask that your personal data does not get shared with any third parties.
» The right for non-discrimination for exercising your CCPA rights.
2.1 A step further: CPRA security
At two years from the birth of the CCPA security standard, in November 2020 California approved the California Privacy Rights Act (CPRA), known also as Proposition 24, that constitutes an amendment to the CCPA and represents a step further in terms of privacy protection. The new regulations, following a transitional period of two years, have officially entered into force on the 1st of January 2023. Amongst the modifications enumerated:
» The right for Californian consumers to request corrections of inaccurate personal information that companies have of them.
» The right to impose use limits and sensitive personal information divulgence that have been collected from the consumer.
» Various responsibilities for the company in subject towards the CCPA security standard and CPRA, amongst which having to answer the request of the consumer wishing to exercise their proper rights and the necessity of offering alerts of an informative nature bearing the explanation of how a company acts on the reservedness of personal data.
>> With FlashStart you can block undesired or inappropriate content: try it now
2.1 Who is subject to the CCPA – CPRA security standards?
The CCPA security standard is applied to companies that have a profit purpose who collect, monitor, archive and control personal information from all citizens that are resident in California and perform a commercial activity within the state of California at least on the following thresholdslie:
» Have annual gross revenues superior to 25 million dollars.
» Receive or divulge personal information from at least 50.000 residents, families or devices placed within California on an annual basis.
» Realise at least 50% of their annual profits thanks to selling private data from Californian residents.
Whilst the CCPA security dictates the obliged law respect of companies that have a profit purpose, service providers and third parties that fall under one of the thresholds mentioned above, the CPRA has also added contractors, therefore other third parties, to the list of entities that are covered by the regulations and in this article Bloomberg offers us a detailed description of who effectively falls into this normative.
3. Comparing CCPA and GDPR security
According to a published post from the consultancy and revision agency Deloitte, the security standards of CCPA and GDPR share many characteristics, amongst which the necessity of notifying users in the case of a data violation, the rights of the user to cancel or modify their data and a background scheme that is aimed at ‘privacy by design’ and therefore the reservedness of data is a basic aspect in the structure of services offered.
There is also a series of differences between the two regulations and in particular we note that the European standard GDPR imposes a series of evaluations on the impact of the rules regarding the protection of data (Data Protection Impact Assessment – DPIA), it also imposes restrictions of automatic decision-making processes and points towards the presence of an Authority of vigilance and regularisation.
4. FlashStart: secure internet in full respect of the privacy regulations
The CCPA security doesn’t impose the measurements of data security to undertake but does state that companies must implement and maintain ‘reasonable’ practises and procedures on a security level, if not they could be fined. The list of critical controls for security that is proposed by the CIS – Centre for Internet Security – a non-profit organization that has become a reference point in this camp, includes point number 9 “Email and Web Browser protections”.
FlashStart proposes a web content filter that is DNS based – Domain Name System – that specifically looks after the protection of internet searches made by the user, verifying the danger and appropriateness of domains that the user wishes to reach and blocks the access to those in which our controls have recognized dangerous situations.
Intervening on the DNS level, FlashStart makes your electronic post secure: it is in fact capable of blocking all threats that have been received by mail through links and adverts of which the user is invited to click on. The control is undertaken as soon as the user clicks on the link so cases of malvertising and adware are easily identified and blocked before they are born.
The instrument proposed by FlashStart is in line with all the European GDPR regulations, from which it has received the full rules and indications. But FlashStart doesn’t limit itself in respecting just the same rules as GDPR, they have a range that is extremely ample and reach users in many various countries. FlashStart can also be configured in a way that will respect all local regulations when it comes to the protection of personal data, as for example in Californian CCPA / CPRA security.
4.1 FlashStart: a secure instrument that is always up to date.
FlashStart is an instrument that is constantly updated. Artificial Intelligence algorithms scan the internet continuously searching for new threats and Machine Learning mechanisms allow the software to learn from past experiences and construct models that are capable of understanding when they are encountering new threats as well as cataloguing all new domains in a correct manner.
In fact, FlashStart doesn’t only protect you from dangerous and illicit content such as malware and phishing attempts but also allows you to block sites that are considered ethically unsuitable in such that they may be tied to pornography, violence and gambling etc.
Its system 85 blacklist makes the instrument very flexible and adaptable for any need and the network administrator can also decide if they wish to block the access to platforms such as Facebook, Instagram, TikTok, YouTube and Netflix that, apart from creating distractions on an efficiency level for its users, are also active in the collection of user comportment.
To find out more regarding its functions, for example with TikTok, please read our dedicated article.
>> FlashStart is the granular protection against cyber based threats and phishing attacks: contact us to ask for an offer
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.
