Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » Right of Data Portability

Right of Data Portability

The right of data portability is a privacy right that allows individuals to request their personal data from a service provider in a structured, easily understood, and machine-readable format. With this right, customers can transfer their data to another service provider without hindrance.

Under CCPA (California Consumer Privacy Act), the right of data portability falls under the broader scope of Right of Access to one’s personal information collected by a business. 

The right of data portability applies to the personal information that a business has collected from the consumer over the 12 months preceding the request.

The right can be exercised on the part of the customer by raising a request by submitting an online form, calling a toll-free number, or sending an e-mail to the business. Within 10 days of receiving the request, the business needs to confirm its receipt and provide the information within 45 days.

If the same has not been received within that said period, then the business will extend this period by another 45 days; however, for this, they must notify the customer and state the reason for such a delay.

Failure to comply with a valid data portability request may yield severe penalties under the CCPA, including fines of up to $7,500 per violation if found intentional. Beyond that, it would also severely dent a business’s reputation and chances of consumers trusting their business and subsequently facing lawsuits.

Additional reading

User Access Review: Methods, Steps, & Best Practices

How to conduct a user access review?

On May 2023, a disgruntled Tesla ex-employee used his privileges as a service technician to gain access to data of 75,735 employees, including personal details and financial information. The breach attracted a $3.3 billion fine under GDPR.  While breaches due to external and unknown factors are not under an organization’s control, such incidents can be…
ISO 27001 Risk Management Policy

ISO 27001 Risk Management Policy – Steps to Get Started

ISO 27001 is a globally recognized standard for information security that helps organizations up their information security game and keep up with threats of various kinds. Today organizations face numerous security risks that can jeopardize their reputation. Hence having a comprehensive risk management policy is highly needed. Risk management is a vital aspect of the…
Cybersecurity and the internet of things

Cybersecurity in the Internet of Things: Protecting Connected Devices

In 2024, cyberattacks on Internet of Things (IoT) devices have increased significantly, with a notable attack on Roku compromising over 576,000 accounts.  Experts predict that more than a quarter of all cyberattacks on businesses will soon involve IoT devices. But what does this mean for your business? As a small or medium business owner, you…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.