California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act is by far the most comprehensive privacy law in the country. The CCPA could be the first state law to stimulate “America’s GDPR Movement.” Directed at companies that collect and/or sell personal information, it is designed to give Californians more control over their own data.

The provisions of the CCPA will become operative on January 1, 2020. 

The CCPA expands the definition of “personal information” to include any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular consumer or household. This includes information like a consumer’s name, postal address, social security number, education information, inferences drawn to create a profile about the consumer, consumer preferences, etc.

Let Us Help You Achieve Compliance

TBG Security consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade.

Working as either a full-service consultant, or as an adjunct to your in-house teams, TBG Security will execute our phased compliance readiness process to ensure that your business meets or exceeds your compliance requirements.

Services include:

  • Developing a Compliance Roadmap including the specific steps needed to achieve compliance.
  • Creating a comprehensive information security policy.
  • Performing an assessment to determine current level of regulatory compliance.
  • Providing remediation for vulnerabilities detected on your systems.
  • Deploying security infrastructure to protect California residents’ data.
  • Encrypting your company’s laptops and other mobile devices.
  • Securing your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code.
 

What If I Don’t Comply?

The bill limits the civil penalties the AG can impose to $2,500 for each violation of the CCPA, or up to $7,500 for each intentional violation, and states that a violating entity will be subject to an injunction (CCPA § 1798.155(b)).

 

CCPA At A Glance

Regulation type: State and Federal standards

Oversight/Enforcement: California Attorney General Xavier Becerra

The regulation: California Consumer Privacy Act (CCPA)

Purpose:
This Act grants a consumer the right to request that a business disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.

5 CCPA Requirements

  1. Data inventory and mapping of in-scope personal data and instances of “selling” data
  2. New individual rights to data access and erasure
  3. New individual right to opt-out of data selling
  4. Updating service-level agreements with third-party data processors
  5. Remediation of information security gaps and system vulnerabilities
 

CCPA IS NOT “GDPR FOR THE U.S.”

Although the CCPA incorporates some requirements that overlap with GDPR’s individual rights requirements, it isn’t modeled after the GDPR. Achieving GDPR compliance therefore does not mean you’ll meet the requirements of the CCPA. Below is a side-by-side comparison of GDPR and CCPA.

GDPR and CCPA comparison

 

Get In Touch

Need more information about CCPA or even GDPR? We’re here to help.
