How CCPA impacts physical security and visitor management

Sept. 25, 2020
Though many associate this and other data protection laws with cybersecurity, the CCPA's implications for physical security are significant

If at first, you don’t see the link between the California Consumer Privacy Act (CCPA) and physical security and visitor management you’re probably not alone. After all, the CCPA is about our data. But before the CCPA, or for that matter the GDPR, was ever passed into law The Economist pretty much predicted this brave new world in which the “most valuable resource is no longer oil, but data."

Passed in June 2018, and having gone into effect on Jan. 1, 2020, the CCPA is a California state law that "enhances" privacy rights and consumer protections for California residents. With privacy laws now enacted in over 80 countries around the world, people associate data privacy more often with cybersecurity.

But the CCPA’s scope is broader than that and covers two main objectives: to guarantee protection for individuals regarding their personal data, and apply it to businesses that collect, use, or share consumer data. Now here’s the clincher. This is all regardless of whether the information was obtained online or offline. And this is where physical security and visitor management comes in.

Don’t Forget About Your Visitors or Contractors

The CCPA applies to the contractors and visitors you do business with. So, all four main goals of the Act must apply to them as well:

  • Ownership of their personal information
  • Control over their personal information
  • Securing their personal information
  • Holding you accountable for protecting their personal information

To be clear, the act applies to all "for-profit" organizations meeting specific criteria. But you can rest assured that the right visitor management software can help. Going digital with a cloud-based visitor management system will help you tremendously come time for a CCPA audit. You can manage and maintain your business's visitor data while complying with levels of consent, data minimization, and the right to be forgotten.

There is zero room for error when it comes to maintaining CCPA compliance, or any data privacy compliance for that matter. It's your responsibility to ensure personal information isn't accessible to just anyone. Your organization is also required to also take extreme care of your external visitors and contractors.

Measures You Can Take Using Visitor Management Software

Once you’ve determined that the CCPA applies to your organization, there are a number of actions you can take for physical security as it relates to visitor management. One of the key steps you can take is to implement access control technology that's integrated with your visitor management system. This is an effective way to remove the margin for human error and protect restricted areas of your premises so that your files and servers can’t be accessed by your visitors.

If you’re also required to comply with regulations such as C-TPAT, ITAR, FSMA, or HIPAA, then utilizing access control integrations will help you cut costs usually associated with the need for personal escorts in and around your property. With the right visitor management system in place, you’ll also be able to capture visitors' digital signatures on legal documents, NDAs, and ask for consent in collecting their visitor data.

Collection, Storage, and Deletion of Data

When it comes to the collection, storage, and deletion of data, your visitor management solution should provide you multiple options for each stage. For example, the use of custom screens and flows to capture visitor information should allow you to start the collection of data before the visit ever happens, as well as at the time of check-in once they’ve arrived at your front desk. E-signatures on documents can be stored via integrations with your existing cloud storage tools.

The future of the workplace is moving toward best-of-breed strategies in technologies. So, it’s important to choose a solution that will play nice with other tools you’re already using. And once you’ve collected all the data you need to do business, the question of responsibly deleting them after a period of time is a crucial one you’ll need to have an answer to. You will be asked during an audit how you’re managing your data. A cloud-based visitor management solution can not only collect and store your data securely, but it should also be able to give you the choice of manually deleting visit data or automating that data deletion after a specific retention period.

And once you’ve figured that all out, your compliance team will breathe easier when they received insurance- and audit-related queries in addition to CCPA compliance. The ability to export reporting and documented processes will help you map out what you need for your data privacy policy (DPP).

The Future of CCPA As It Relates to Physical Security

As it stands now, the CCPA is the broadest privacy law in the United States. But many other states aren’t far behind in creating their own data privacy regulations. We know for sure that Maryland, Washington, D.C., and Massachusetts are already in deliberations.

And California consumers are well aware that they have the right to file private rights of action and class actions against businesses when their personal information is mishandled. This is just the beginning. With statutory penalties and fines being imposed upwards of $750 for breach and $7,500 for each intentional violation, the act is not to be taken lightly. This does, in fact, coincide with the theory that data is indeed a most valuable resource.

The level of transparency a visitor management solution can provide is no longer a nice-to-have but a must-have to ensure the trust between you and customers and visitors alike. We can all agree, as business professionals and consumers in our own right, that data privacy should be a basic human right. And now more than ever it's time to put the right steps in place.

About the Author

Gregory Blondeau | CEO and Founder, Proxyclick

Gregory Blondeau is the CEO and Founder of Proxyclick.