CCPA Is Here To Stay

Are You Prepared for CCPA?


Fittingly for the beginning to another decade, California chose to pull out all the stops with its 2020 New Year’s goals. The California Consumer Privacy Act or CCPA became effective on January 1, 2020. Passed collectively in June 2018, it’s the principal law in the US to set up a far-reaching set of rules around consumer information, much the same as the European Union’s General Data Protection Regulation or GDPR.

For the internet consumers in California, life won’t be fundamentally extraordinary. But as soon as the law is settled, and relying upon how it’s upheld, its effect could go far to deciding if the 2020s become the decade when the US begins paying attention to consumer privacy rights.

New Decade with better safety

What is CCPA exactly?

CCPA gives consumers “the right to know” and “the right to say no.” That means consumers will, as of today, be able to see what data companies have gathered about them, have that data deleted, and opt-out of those companies selling it to third parties from now on.

The CCPA applies to any company that does business in California and either makes at least $25 million in annual revenue, gathers data on more than 50,000 users, or makes more than half its money from user data. For California residents, it creates a handful of new rights over their data.  It is important to remember that we’re not simply discussing the big giants of the world, yet any enormous organization that does a great deal of business on the internet or, in other words, any large organization.

NOTE: It is also important to note that the company not necessarily need to be operating in California but even if they are operating out of state but are still collecting information from California residents, CCPA applies to them.”

Many companies already had to implement processes allowing European users to delete their data or opt-out of tracking thanks to GDPR, which laid some groundwork for the CCPA. Some platforms, including Facebook, have built tools allowing users to exercise the rights that the CCPA now guarantees to California residents.


Top 5 guidelines of CCPA to affect the working of business:

  1. Stocking and selling of individual information.
  2. CCPA grants right to access and erase the information.
  3. New individual right to unsubscribe any sort of information.
  4. Refreshing of service-level contracts with third-party processors.
  5. Remediation of data security holes and framework vulnerabilities.


What happens if a company doesn’t comply with the CCPA?

CCPA calls for punishments of up to $7,500 for purposeful infringement however it depends on California’s Attorney General to authorize this. Meanwhile, individuals can sue for $100 to $750 in the occasion an organization doesn’t obey the privacy laws and gets hacked.


In summary

The CCPA is the first overall U.S. information assurance law to come into place. It will require organizations in California to put resources into consumer privacy laws. Organizations should now contemplate and comprehend this new law, as their repercussions are probably going to be felt for a long time.

Getting ready to conform to CCPA is anything but a little errand, an adequacy status program requires some investment and exertion even to cover the accompanying fundamental components of CCPA like:

  • Discover where your organization is storing personal information including information which is hidden in unstructured sources like email and file servers.
  • Determine how your organization would respond when a consumer exercises their rights to the deletion of their data,
  • Train the staff to comply with CCPA.
  • Build up an arrangement for keeping up consistency as your business changes.

Why choose Waterford Technologies?

Waterford Technologies has more than 20 years of experience in unstructured data compliance for email and files. By working with us, we can set your organization on the path to unstructured data compliance, allowing you plenty of time to put the necessary controls in place.

If you have any questions about CCPA or GDPR regulations or if we can help in any way, please feel free to contact our sales team now or request a free demo to see how Waterford Technologies can help your organization.


Garima Arora

Marketing Specialist

Waterford Technologies



Is Office 365 enough for your email compliance?

Ensure Compliance, Save Money and Enhance Efficiency with Office 365

There are no doubts that office 365 is an invaluable tool for productivity and collaboration in the cloud, however, legislation with the introduction of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) or indeed The Freedom of Information Act (FOIA), managing email compliance for office 365 can be a challenge and it is important to be aware of the compliance gaps it presents.

In parallel to this, cloud adoption is growing unabated, with email being one of the key workloads that organisations have identified for the cloud. Email is a business-critical platform that typically holds vast amounts of sensitive and confidential information while there are eDiscovery capabilities within O365 that need to be carefully considered.

“Some reasonably sound eDiscovery capabilities are included in Office365, but these have some limitations.”

Osterman Research (2019), Fill the gaps in office365 data protection

Office 365 (E3 and E5 ) versus Third-Party Solutions

There is a maze of licensing options within O365 and it can be difficult to navigate what is suitable for your organisations’ requirements. As well as, that there are significant cost differences between different options, for example between the lower end E1 licenses and higher-end E5 licenses. From a compliance point of view, you will need a minimum of Microsoft E3 licenses with the Advanced Compliance add-on or else full Microsoft E5 licenses to ensure you are covered from an eDiscovery perspective. This is where utilizing a third-party solution for the compliance piece can deliver benefits such as significant cost savings, better capabilities, and time savings.

Source: Osterman Research, Using Third-Party Solutions with O365, 2019

To learn more, watch our webinar ‘Is Office 365 enough for your email compliance’. It will discuss further in-depth and highlight the gaps in O365 compliance that Waterford Technologies can address. Areas that will be explored include;

  • Compliance Gaps
  • Shared Mailboxes and the issues they present for compliance
  • O365 complexity
  • The importance of Retention Management
  • The issue of costs and how to slash these without compromising on compliance

Click on the link to watch now:


Why Chose Waterford Technologies?

Waterford Technologies is a pro-active Email and file Compliance and Management focused, solution provider. Waterford Technologies has vast experience in helping our clients meet their compliance requirements, reducing risk, and addressing eDiscovery requests easily, quickly and successfully.

Contact our Sales team now or request a free demo to see how Waterford Technologies can help your organisation.


Garima Arora

Marketing Specialist

Waterford Technologies

Keep your email and file databases POPI compliant

South Africa’s Protection of Personal Information Act (POPIA)

Keep your email and file database POPI compliant
South Africa’s POPI Act

Data privacy is a worldwide concern for many businesses – especially as regulations such as GDPR, CCPA, and POPIA (the Protection of Personal Information Act) have come or are coming into effect. Want to keep your email and file databases POPI compliant? Read on…

So What is POPI Act or POPIA?

POPI refers to South Africa’s Protection of Personal Information Act which seeks to regulate the Processing of Personal Information. It is South Africa’s equivalent to the EU’s GDPR. The POPI Act is well on its way to being implemented in South Africa. In order to ensure your data practices don’t contradict the act you need to be prepared, once implemented companies will have only 12 months to comply.

Who does POPIA affect?

POPIA affects all organisations that store, collect or process personal information are required to comply.

Personal Information broadly means any information relating to an identifiable, living natural person or juristic person (companies, credit cards, etc.) and includes, but is not limited to:

  • contact details: email, telephone, address, etc.
  • name of the person if it appears with other information relating to the person,
  • demographic information: age, sex, race, birth date, pregnancy, marital status, ethnicity, disability, religion, sexual orientation, language, etc.
  • history: employment, financial, educational, criminal, medical history
  • biometric information: blood type etc.
  • the views or opinions of another individual about the person.
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

“The POPI Act will affect almost all businesses in South Africa”

Does POPI really apply to our company?

Accountability for personal data is the responsibility of each public or private body. Generally, the Responsible party must be a resident in South Africa or the processing should occur within South Africa (certain exclusions apply).

The risk includes reputational harm, fines and imprisonment, and paying out damages claims to data subjects. The greatest risk, after reputational harm, is a fine for neglecting to secure record details.

There are also some benefits associated with complying with the POPI act, it is safe to say that consumers will feel more confident doing business with companies that are transparent and showing compliance with the POPI legislation.

Where POPI does not apply. Exclusions include:

  • purely household or personal activity.
  • some state functions including criminal prosecutions, national security, etc.
  • journalism under a code of ethics.
  • judiciary functions.

Why should I comply with POPI?

POPI endorses transparency about what personal information is collected and how it is to be processed. This honesty is likely to increase customer confidence in an organisation, public or private.

POPI compliance includes capturing and retaining the minimum required personal data, ensuring the accuracy of that data, and removing the data that is no longer required (Similar to GDPR).  These actions will help improve the overall reliability of the databases companies hold.

POPI compliance also requires that the organisation can identify personal information and can take reasonable measures to protect the same data. This will likely reduce the risk of data breaches and the associated public relations and legal ramifications for the organisation.

Non-compliance with the Act could expose the Responsible party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases, for more serious offences, the penalty for non-compliance could be a fine and/or imprisonment of up 10 years. It is vital that organisations keep their email and file databases POPI compliant.

How can Waterford Technologies help?

Data compliance starts with visibility – Waterford Technologies gives clients, the visibility they need for effective monitoring, eDiscovery, auditing and reporting across a variety of data regulation standards. Our ComplyKEY suite empowers you to easily reduce email and file risk, detect and respond in real-time to threats and prove regulatory compliance with acts such as POPI, ensuring that you keep your email and file database POPI compliant.

ComplyKEY is a compliance and data management platform where you can find every single email and file in your organisation, conduct e-discovery, freedom of information and subject access requests directly from your desktop anywhere.

Key Benefits

Governance- Proactive approach to data transparency by classifying before archiving is a key requirement of POPI.

Compliance – Preventative monitoring of email internally & externally to identify & remediate risk.

Data Retention Management and Erasure- Increases efficiency, retention can be controlled by time and/or by person groups. As mentioned above POPI compliance includes capturing and retaining the minimum required personal data, ensuring the accuracy of that data by removing the data that is no longer required.

Investigate & Message Filtering– Advanced e-Discovery with keyword search, word lists, & regular expressions (REGEX) capabilities.

Be POPI compliant

Although you have a one-year grace period to update your systems, the time to prepare for POPI is now. Get in touch with Waterford Technologies to discuss how we can help your email and file database POPI compliant.


Laura Stotesbury

Head of Marketing

Waterford Technologies