What It Is

California Consumer Privacy Act (CCPA), as amended by California Privacy Rights Act (CPRA), is a state regulation establishing consumer privacy rights for California residents. It targets for-profit businesses meeting thresholds like $25M revenue or handling data of 100K+ consumers. Primary purpose: empower consumers with control over personal information (PI) via rights-based approach, including opt-out of sales/sharing and limits on sensitive PI.

Key Components

• Core rights: know/access, delete, correct, opt-out sales/sharing, limit sensitive PI use
• Obligations: notices at collection, privacy policies, DSAR handling within 45 days, vendor contracts
• Enforcement by CPPA and Attorney General; no formal certification, but audits and compliance demonstration required
• Built on broad PI definitions (identifiers, inferences, household data)

Why Organizations Use It

Mandatory for qualifying businesses to avoid fines ($2,500-$7,500/violation) and breach litigation ($100-$750/consumer). Reduces data risks, builds trust, enables market access, aligns with GDPR-like regimes for efficiency.

Implementation Overview

Phased: scoping/gap analysis (0-3 months), policies/contracts (1-4 months), technical controls (2-6 months), operationalization/training, ongoing audits. Applies globally to CA data handlers; cross-functional teams essential.

What It Is

TISAX (Trusted Information Security Assessment Exchange) is an industry framework and certification scheme for the automotive sector. Developed by the ENX Association based on VDA ISA catalog, it standardizes assessments to protect sensitive information like IP, prototypes, and personal data. It uses a risk-based approach with three maturity levels: Basic, Significant, Very High.

Key Components

• 70+ controls across 7 groups: Policy, Organization, Personnel, Physical Security, Access, Cryptography, Operations.
• Built on ISO 27001 with automotive-specific extensions like prototype protection.
• ENX portal for exchanging results; labels valid 3 years.

Why Organizations Use It

• Contractual mandates from OEMs (e.g., BMW, Volkswagen) prevent revenue loss.
• Reduces duplicate audits (70-90% efficiency); enables market access.
• Mitigates risks, builds trust, supports resilience in €2.5T supply chain.

Implementation Overview

Phased: Preparation (gap analysis), Remediation (controls, table-tops), Audit (by accredited providers like DQS), Sustainment. Targets automotive suppliers/OEMs globally; scalable for SMEs to enterprises. Costs €15k-€150k+; 6-18 months typical.