Case Study Mazars Cybersecurity: Data Privacy A National, Commercial Mortgage Provider – California Consumer Privacy Act (CCPA) Compliance

July 01, 2020


A leading commercial real estate firm that sells, finances, and services commercial real estate processed personal data as part of its core business. Because some of their operations were under the jurisdiction of California, they wanted to understand their risk exposure from the CCPA and to define a clear plan to execute mitigate associated risk.

Existing challenges included:

  • A clear understanding of CCPA requirements as they pertained to their operations
  • Any gaps in compliance
  • The completeness of their customer-facing privacy policy
  • Obligations related to third-party contracts


We assembled a team of skilled privacy professionals who were experienced in privacy program management, data protection impact assessments, and regulatory compliance. They worked with:

Risk compliance and control leadership, gaining an understanding of CCPA risks and developing a strategy to improve security and privacy controls

The Approach:

  • Reviewed existing policies, controls, and the ability to demonstrate compliance against CCPA requirements.
  • Conducted an initial Data Privacy Program Assessment to determine the current state against CCPA requirements.
  • Conducted workshops with stakeholders covering privacy, validating current operational maturity, and building consensus on possible solutions.
  • Delivered the risk assessment, tactical action, and overall roadmap to implement policies and controls to improve data privacy operations and CCPA compliance

The Result:

  • An improved approach to data subject right response
  • Increased understanding of privacy requirements and improved third party contract negotiations
  • A clear plan on how to increase CCPA compliance

Visit our dedicated CCPA compliance page for further details or request to meet with our experts to discuss your compliance readiness.

Related posts

An international telecom operator has selected Mazars to assess the level of security of their information system.   CONTEXT The company is a French-headquartered, international telecom operator that has maintained an ERP for the management of its core business for many years. An evaluation of the security of this ERP

Read More

As Denis Waitley once said, “Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.” Replace the word “life” with “business” and this still rings true. The water industry has long been aware of the disruption

Read More

Description In our ninth episode of Mazars Food For Talk, Mazars Food and Beverage Practice Leader and Food for Talk host, Howard Dorman, talks with Philip Jones. Philip is a Director in the Mazars Cybersecurity Practice and has performed on over 100 security/privacy projects for the DOD, federal government, startups

Read More

Copyright 2021 - Mazars - United States