• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Network Security

California Consumer Privacy Act (CCPA): What You Need To Know

The California State Legislature has passed the California Consumer Privacy Act (CCPA). Here is what businesses need to know to adhere to the new guidelines.

October 10, 2018 Matt Dumiak 2 Comments

Cybersecurity Consolidation, cyber readiness
NicoElNino/stock.adobe.com

It should come as no surprise to anyone that the California State Legislature has passed, and the California Governor has signed, amendments to the California Consumer Privacy Act (CCPA). Having previously been a ballot initiative, one of the main drivers to get the CCPA passed as traditional legislation was to allow the law to go through the standard legislative process as opposed to the previous ballot initiative which would have made the law difficult and arduous to amend.

What You Need to Know About the California Consumer Privacy Act (CCPA)

First, the legislature gave the California AG some additional time to develop the implementing law as well as pushed back the enforcement date by up to six months which will be no later than July 1, 2020, for now. While the enforcement date could be set before July 1, 2020, we will have to wait and see when the regulation is implemented by the AG. Companies should be preparing to be compliant by January 1, 2020 and be standing by for enforcement by July 1, 2020.

Further, the amendments add some language around the fine amounts and that they can be up to $7,500 per intentional violation. Along these lines, the legislature also removed the requirement to notify the state AG within 30 days of filing an action against a company which used to give the AG the power to approve or dismiss the action right out of the gate.

The amendments also provide more clear exemptions to the CCPA surrounding the previously nebulous exemptions regarding personal data and the GLB, HIPAA, and DDPA which should help companies that are impacted by those regulations scope out some of the personal data within their environment. Keep in mind, however, that these exemptions should be reviewed carefully and applied after thorough analysis.

Last but certainly not least, the amendments updated the notice requirements around the right to be deleted to provide businesses some freedom regarding where the disclosure is made stating it should be made in a reasonable place for the consumer and provided clarification around preemption of the law and the US constitution.

As mentioned in the beginning of this overview, it is no surprise that amendments were made to this regulation and we’ll continue to monitor for future amendments that are likely to occur.

To make the appropriate notice disclosures and honor the right to access, deletion and sale of personal data opt-out, companies must be intimately aware of the personal data processed within their environment and how the personal data is sold and shared for business purposes. This is not a task that can be accomplished overnight, and companies must begin working to determine if and how this regulation applies to them and begin planning how they will comply.

Here is the full statement about the California Consumer Privacy Act (CCPA) from Chairman Alastair Mactaggart:

“California is leading the way in creating unprecedented consumer protections for the rest of the nation,” said Alastair Mactaggart, chairman of Californians for Consumer Privacy. “The federal government should provide ALL consumers with the same protections afforded to Californians by the California Consumer Privacy Act, including the fundamental right to know what information companies are collecting about you and your families, and the right to tell them to stop sharing that information.”

  • Specifically (AB 375) gives all California consumers the right to:
  • Know all data collected by a business on you
  • Say no to the sale of your information
  • Delete data you’ve given to a business
  • Be informed what categories of data will be collected about you prior to its collection
  • Mandated opt-in before sale of children’s information (under the age of 16)
  • Know where your data is shared
  • Know where your data was acquired
  • Know why your information is being collected
  • A private right of action (meaning you can sue companies) when companies don’t take reasonable steps to protect your information, and it’s stolen.

“This legislation broke new ground in ways we didn’t think were possible only months ago. It is the most far-reaching consumer privacy legislation ever passed in the United States, and with one stroke of Governor Brown’s pen, the 5th largest economy in the world has meaningful privacy protection for the first time,” added Mactaggart. “To be clear: We will fight back against any attempts to undermine our state’s ability to provide these fundamental rights to California consumers, and will support further efforts to provide these rights to ALL Americans.”

“We are on the right side of history here,” he added. “Europe has just made huge strides forward in consumer privacy. And as goes California, so goes the nation—it happened in auto emissions, solar technology, and entertainment—it will happen in privacy.”

 

Matt Dumiak is Director of Privacy Services, Customer Engagement Compliance at CompliancePoint focused on U.S. and international direct marketing compliance regulations. He works with clients in a variety of industries and is dedicated to providing reliable and practical consulting services. Matt has earned a Certified Information Privacy Professional (CIPP/US) certification from the International Association of Privacy Professionals (IAPP), a Customer Engagement Compliance Professional (CECP) certification from the Professional Association for Customer Engagement (PACE), and has a B.S. in Economics from Georgia College.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Data Collection, Data Security, Legal

Related Content:

  • Cybersecurity and information or network protection. Future technology web services for business and internet project CrowdStrike Cyber Armageddon: How Do Firms Now Build…
  • DDoS, NETSCOUT Arbor Insight 7 Layers of DDoS Attacks and How To…
  • cisco webex-rooms-modern-space AVI-SPL Receives Cisco 2023 Reimagine Workspaces Partner of…
  • data breach Nearly 900 Schools Impacted by National Student Clearinghouse…

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Trackbacks

  1. New California Law to Increase Cybersecurity of Personal Devices - My TechDecisions says:
    December 26, 2018 at 10:00 am

    […] addition the California Consumer Privacy Act, which was enacted earlier this year, the Golden State is instituting another cybersecurity law, which will kick-start in 2020, […]

    Reply
  2. Amidst National Privacy Law Discussions, State Data Privacy Legislation Introduced - My TechDecisions says:
    March 28, 2019 at 5:00 am

    […] California’s Consumer Protection Act (CCPA) even goes beyond breach notification and may require organizations to make significant changes in their data processing operations including honoring opt-outs of selling data and notification requirements surrounding sharing practices. However, it helps to have a strong understanding of what the GDPR laws are to recognize what this new consumer awareness and movement towards data privacy and protection laws mean for companies and consumers alike. […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.