Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • How does the California Consumer Privacy Act (CCPA) Impact You? current page
Link copied

How does the California Consumer Privacy Act (CCPA) Impact You?

Sep 24, 2019
Author:
Ben Rothke Bio Pic
Ben Rothke
Senior Security Consultant, Nettitude
Blog banner default
How does the California Consumer Privacy Act (CCPA) Impact You?
Ben Rothke Bio Pic
Ben Rothke
Senior Security Consultant, Nettitude

On September 10, 2019 – I presented the webinar on What is the CCPA and Why Should you Care?, which you can now watch on-demand here. If you are in scope for the California Consumer Privacy Act (CCPA) and are not nearing completion on it, then expect to spend a lot of long weekends in the office in the coming months.

On January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. If you are familiar with the General Data Protection Regulation (GDPR) from the European Union, then the CCPA won’t be such a momentous initiative. If you want to see the differences between the two, here’s a helpful CCPA and GDPR comparison guide from the Future of Privacy Forum. But to the point - CCPA will be the toughest data privacy law in the United States.

The CCPA aims to provide enhanced privacy rights and consumer protection for California residents. It gives these residents numerous rights around their data. Some of the new rights they have include:

  1. Business must disclose the personal data collected, sold, or disclosed for a business purpose about a consumer. And also inform consumers the categories of personal data collected and the purposes for which their personal data will be used.
  2. Not to discriminate against a consumer who exercises their CCPA rights. That runs the gamut from pricing, quality, service levels and more.
  3. Provide the consumer with access to their data.
  4. Upon request, delete personal data of the consumer. If you have shared that personal data with a 3rd-party, they must also delete that data.
  5. Provide the consumer with the ability to opt-out. You must give them the right to opt out of the sale of their personal data. Part of this includes easy to use links to do that from your web site.

The CCPA may apply to you if you are a business that collects the personal data of California consumers and does business in California. That means there are a huge number of businesses that are now in scope for this regulation. If you are one of those businesses, then each of those five items listed above means you have a lot of work to do.

What is considered personal data under CCPA?

Since personal data is what drives everything, it’s crucial to fully understand what CCPA considers personal data. Like GDPR, CCPA takes a far-reaching approach to what it regards as personal data. Section 1798.140(o)(1) of the CCPA bill defines personal information as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

That section includes the standard identifiers such as name, address, passport number, social security number, driver’s license number, and much more. But it also extends into other information such as biometric data, audio, electronic, visual, thermal, olfactory, or similar information, Internet or other electronic network activity information, geolocation data, and lots more. And I mean lots, lots more. In fact, it might be easier at first to say what’s not personal data, than to define what is.

Start working on your CCPA compliance plan

For any business of substantial size, it’s highly likely that you are in scope for CCPA. Don’t think of trying to play wait and see with CCPA. It’s not going away, and hoping it does will prove a foolish business decision. The EU has recently issued hundreds of millions in fines against companies for GDPR violations. The State of California will have similar enforcement capabilities. CCPA is not poker and there’s no way to bluff yourself out of it.

CCPA is huge. Read the details and it’s easy to see that CCPA requires firms to make major infrastructure changes. CCPA mandates a significant amount of new processes around data collection. It requires significant reengineering and rearchitecture around how personal data is handled.

If you think you are in scope for CCPA, take a few days to read everything you can on the topic. The more educated you are about the act, the better you can deal with it.

And for a deeper dive on this subject, check out my on-demand webinar here.

Related Reading

Is Your Identity at Risk from Biometric Data Collection?

The State of GDPR Compliance 1 Year in, & How to Improve Your Data Privacy Controls

The Exactis Data Breach: Paving the Road to a Data Dystopia (or a US GDPR?)

Latest Posts
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
  • A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
    May 26, 2026 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
    Blog
    3m
Related
  • How to Exploit Remote Desktop Protocol Vulnerabilities
    Jul 21, 2020 How to Exploit Remote Desktop Protocol Vulnerabilities
    Blog
    1m
  • Is Cybersecurity Insurance Leading to More Lax Security?
    May 15, 2020 Is Cybersecurity Insurance Leading to More Lax Security?
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.