Why CCPA is important for an organization’s ITAD program?

On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect, impacting how organizations throughout the United States collect, process, and share personal information about California consumers. The new regulation applies to any business that collects consumers’ personal information, does business in California, and satisfies at least one of the following thresholds:

• Has annual gross revenues in excess of $25,000,000
• Possesses the personal information of 50,000 or more consumers, households, or devices
• Earns more than half of its annual revenue from selling consumers’ personal information

The CCPA is often compared to the General Data Protection Regulation (GDPR), which went into effect in May 2018 and addresses data protection for individuals in the EU. Organizations that have enacted data retention and disposition policies that comply with the GDPR are in a good position to comply with the CCPA requirements when it comes to protecting their customers’ personal information. Organizations that have experienced a data breach or security lapse that caused personal information to be compromised face fines up to $2,500 per record (up to $7,500 per intentional violation) as well as $100-$750 per individual per incident. Additionally, individuals have the right to sue and file class action lawsuits. Protecting your data at the assets end-of-life is a critical component of a compliance program, and working with a partner like Ingram Micro ITAD will ensure customers’ personal information is destroyed before assets are reused or recycled. Organizations can also take these additional steps to protect themselves from security breaches with their end-of-life assets:

• Send the assets to disposition immediately after removing them from service. Stockpiling out-of-use equipment in storage and delaying sanitizing the data on the devices leaves you at risk for a security issue.
• Ensure there is a clear chain of custody and audit trail for end-of-life devices, inclusive of providers involved in transporting devices to an ITAD processing facility.

Connect with one of our ITAD experts today and let us show you how Ingram Micro’s ITAD Services can help your organization comply with the CCPA.