The California Consumer Privacy Act (CCPA) gives California consumers the right to institute civil action for statutory damages, Cal. Civ. Code § 1798.150(a)(1), and  to recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.” Id. § 1798.150(a)(1)(A).

 

The CCPA allows a civil action only for breaches involving the nonencrypted or nonredacted personal information of California consumers Id. § 1798.150 (a) (1).

 

Prior to initiating any action against a business for statutory damages would-be plaintiffs has to provides the business with 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated.

 

In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Id. § 1798.150 (b).

 

The regulation does not specify the meaning of “cure”.  This statement will probably require additional clarification from the California Attorney General.

Privacy run implements a complete workflow allowing incident registration

 

PrivacyRun provides a tool for a comprehensive personal data breach incident management. It implements a complete workflow allowing incident registration, analysis and processing of customer and Attorney General Notifications.

 

 

The system helps minimizing the risk of civil action by promptly handling all incident notices from consumers.

 

It allows businesses register notices received in any form (email, fax etc.), automatically generate template based responses and required notifications and starting process of mitigating the breach. The system tracks all deadlines and notifies operators along the process to avoid missing the deadlines required by law.

 

 

Makeitright, provider of PrivacyRun solution and Syllab Systems specializing in Cryptography-as-a-Service signed a partnership agreement. The new partnership will allow both companies to offer Data Governance, DSAR, Privacy Protection and CCPA and GDPR compliance to clients within the US and the EU.

Together PrivacyRun and SylLab API expand the solution  privacy compliance to HIPAA Privacy Rule.

Syllab Systems and Makeitright

Makeitright, a member of ProService Finteco Group and OakTree Capital Management portfolio company,  builds automated IT solutions for banking and insurance market leaders. Makeitright provides IT professional services and develops applications to support business and compliance processes for banks, insurance companies and the financial market. The company specializes in Test Automation (TA) and Robotic Process Automation (RPA) helping clients achieve digital transformation, streamlines business processes, and increases operational efficiency.

The SylLab Systems Company was established in San Francisco, CA. The company was founded by cryptography and privacy enthusiasts. SylLab Systems is providing Cryptography-as-a-Service (CaaS) for organizations to secure sensitive information. Privacy compliance and cryptography are expensive and difficult to implement, and many organizations get it wrong. Changes in the architecture, lawyers, and consultants are a significant expenditure when facing privacy regulations (HIPAA, GDPR, PDPA, CCPA). The highly usable SylLab API offloads the burden of implementing cryptography and compliance.

Personal data changes. Customers move, change names, contact points, phones and email addresses.  How can you handle all of this disparate information? The answer is to build the customer Master Customer Data Management (MDM) and Golden Record in PrivacyRun solution.  A Golden Record is the single source of truth about your customers in your businesses you can see in the Single Customer View. 

Parametrization od the deduplication engine

The “truth” is understood to mean the reference to which data users can turn when they want to ensure that they have the correct version of a piece of information. The Golden Record encompasses all the data in every system of record within a particular organization. 

One of the most difficult parts of an MDM solution implementation is the parameterization of the deduplication engine and the Gold Rrecord creation process. Consider all data sources, which fields are more reliable from which data sources, and what are the criteria that allow a field from one system to fill in an MDM field instead of another.

A Golden Record is the single source of truth

The functionality of the System enables the presentation of all collected data about the client, including the client’s personal data, current contact details, a list of products with an indication of the source system, a list of consents to the processing of personal data in accordance with the requirements of the GDPR and CCPA.

The deduplication engine allows you to create the Gold Record by automatic identification and merging of records into a Gold Record, the record has a reference to the source records from which it was created. The engine performs phonetic comparison taking into account European languages using advanced text comparison algorithms. 

The Golden Record encompasses

A Golden Record is the single source of truth about customers in your businesses you can see in the Single Customer View. The “truth” is understood to mean the reference to which data users can turn when they want to ensure that they have the correct version of a piece of information. The Golden Record encompasses all the data in every system of record within a particular organization.