California Consumer Privacy Act (CCPA)

Female Government Employee Works in a Monitoring Room. In The Background Supervisor Holds Briefing. Possibly Government Agency Conducts Investigation.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act is by far the most comprehensive privacy law in the country. The CCPA could be the first state law to stimulate “America’s GDPR Movement.” Directed at companies that collect and/or sell personal information, it is designed to give Californians more control over their own data.

The provisions of the CCPA will become operative on January 1, 2020. 

The CCPA expands the definition of “personal information” to include any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular consumer or household. This includes information like a consumer’s name, postal address, social security number, education information, inferences drawn to create a profile about the consumer, consumer preferences, etc.


Hands protecting Personal Data information on Tablet. Information and cyber security Technology Services concept. Internet Technology

CCPA Consequences

CCPA to penalize firms that are not good stewards of customer data.

Night Office: Portrait of Handsome Man in Working on Desktop Computer. Digital Entrepreneur Typing, Creating Software, e-Commerce App Design, Programming. Thoughtful Happy Man Finding Solution

Let Us Help You Achieve Compliance

TBG Security consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade.

Working as either a full-service consultant, or as an adjunct to your in-house teams, TBG Security will execute our phased compliance readiness process to ensure that your business meets or exceeds your compliance requirements.

Services include:

  • Developing a Compliance Roadmap including the specific steps needed to achieve compliance.
  • Creating a comprehensive information security policy.
  • Performing an assessment to determine current level of regulatory compliance.
  • Providing remediation for vulnerabilities detected on your systems.
  • Deploying security infrastructure to protect California residents data.
  • Encrypting your company’s laptops and other mobile devices.
  • Securing your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code.
Young professional reviewing reports at the office.

What If I Don’t Comply?

The bill limits the civil penalties the AG can impose to $2,500 for each violation of the CCPA or up to $7,500 per each intentional violation, and states that a violating entity will be subject to an injunction. (CCPA § 1798.155(b)).

CCPA At A Glance

Regulation type: State and Federal standards

Oversight/Enforcement: California Attorney General Xavier Becerra

The regulation: California Consumer Privacy Act (CCPA)

This Act grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.

5 CCPA Requirements

  1. Data inventory and mapping of in-scope personal data and instances of “selling” data
  2. New individual rights to data access and erasure
  3.  New individual right to opt-out of data selling
  4. Updating service-level agreements with third-party data processors
  5. Remediation of information security gaps and system vulnerabilities

CCPA Is Not “GDPR For The U.S.”

Although the CCPA incorporates some requirements that overlap with  GDPR’s individual rights requirements, it isn’t modeled after the GDPR. That said, just because you achieve GDPR compliance does not mean you’ll meet the requirements of CCPA. Below is a side by side comparison of GDPR and CCPA.

Need more information about CCPA or even GDPR? We’re here to help.

Contact Us