California Consumer Privacy Act (CCPA): What you need to know

In a bid to stop data privacy, data breaches and personal information getting compromised, the state of California, has decided to implement the California Consumer Privacy Act (CCPA), starting coming January, 2020.  This move will facilitate consumers at large and getting done away with a free access or unauthorised access of personal information.

With a goal of increasing transparency, access and control over such personal information and corporate accountability, the state of California (CA) had earlier passed a California Consumer Privacy Act (CCPA)  in June, 2018, to plug these data leaks.  This act will be implemented coming January, 2020, and enforceable in July, 2020, and will apply for the state of CA.

In wake of the CCPA implementation, the role of IT security advisors will become critical as organizations would require IT security advice- in terms of deployable solution, managing their IT security on how data can be made more secure, and how that data that can be shareable.

In this context, the Act classifies personal information as :

  • Personal data
  • IP Address
  • Geo-location data
  • Biometric information
  • Device and Cookie ID’s
  • Interntet activity information like browsing history, purchase history, individual information on race, color, age, sex, religion, genetic information, sexual orientation, political affliction, national origin citizenship status
  • inferences from personal information to understand consumer preference, character, psychological trends behavioural, abilities.

The same Act provides greater rights to consumers such as :

  • Right to know
  • right to equal service and privileges
  • right to access
  • right to erasure
  • right to opt-out
  • protection to minors

Who need to comply to this Act

Companies who also fall within the Act, are governed if :

  • companies generate over $25 million annual gross revenues
  • Collects, shares, buys, sells data of at least 50,000 consumers
  • makes at least 50% revenues from sale of personal information

What is exempt

The CCPA exempts non-profit entities that handle healthcare information, as well as providers and businesses already covered by the Health Insurance Portability and Accountability Act (HIPAA).  In case of wearable tech companies, the data collected is unclear.


 In case of default to comply with the Act, penalties will be levied : up to $2500 for negligent violations, $7500 for intentional violations; and $ 100-$750 consumer per incident.

Role of Vendors

 IT Security and service providers will have a big role to play.  Vendors can offer data protection as a service on the lines of managed services, or facilitate companies in appointing a data protection officer.  C-level executives are now realising that compliance is not just limited it being a part-time job, and a significant investment in time for compliance is the very much required. With regulations like GDPR, CCPA there will be creation of newly designated roles such as data protection officer.


 Enactment of this Act is a big welcome to all the residents, how this is going to be implemented and how ready are companies in terms of proper IT security deployments remains a question.  Companies who are into the business of collecting data have to be real smart in complying with the laws.  The need for IT security audit, or IT health assessment will bring the best practices in place.

Related Articles

Sennovate Insights: Gartner Magic Quadrant in Access Management 2019

Sennovate Insights: Gartner Magic Quadrant in Access Management 2019 Technology providers are present worldwide, but to know who is the best among the vendors is a challenging task for analysts, and for organizations to choose, as each vendor offering will have some...

Real ID-Compliant – A Must for all Residents

Real ID-Compliant – A Must for all ResidentsStarting October 1, 2020, every State and Territory Resident will need to present a REAL ID-compliant license/ID or another acceptable form of identification (like a passport or passport card) for boarding commercial...

AI Bias And Related Cyber Security Issues

AI Bias And Related Cyber Security IssuesAI systems is on a fast pace, many AI based systems and tools are already emerging or in development stage and soon to hit the market.  The business for AI looks exciting, however there is a dark side which is also emerging  -...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Unleash more of your potential with weekly updates, tailored for your team.