Prepare for Implementation of the CCPA

Since the European Union’s General Data Protection Regulation (GDPR) came into effect, advocates for better consumer data privacy laws have been pushing for regulation of consumer data privacy laws globally. California has addressed this growing concern by enacting the California Consumer Privacy Act (CCPA). To date, the CCPA is the most dramatic U.S. state legislation related to consumer data privacy.

The CCPA went into effect on Jan. 1, 2020. The primary purpose of the CCPA is to provide “consumers” with protections and rights as it relates to the collection, sale, and disclosure of their personal data. A consumer is defined as a natural person who lives in California other than for transitory or visitor purposes, or a person domiciled in California who is temporarily out of the State. Some of the key elements of the CCPA parallel consumer rights and protections under the GDPR, which was the first large scale effort by regulators, anywhere in the world, to enact rules related to consumer data privacy. While the CCPA’s jurisdiction is limited to personal information of California residents, it will have a significant impact because it applies to firms that may not be subject to GDPR.

In other words, almost all large companies will be subject to the CCPA, and so will a vast range of smaller companies that collect, sell, or store personal data. The following are key considerations for compliance officers to review for CCPA compliance.