BeyondTrust

How does the California Consumer Privacy Act (CCPA) Impact You?

September 24, 2019


On September 10, 2019, I presented the webinar "What is the CCPA and Why Should you Care?", which you can now watch on-demand here. If you are in scope for the California Consumer Privacy Act (CCPA) and are not nearing completion of your compliance work, then expect to spend a lot of long weekends in the office in the coming months.

On January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. If you are familiar with the General Data Protection Regulation (GDPR) from the European Union, then the CCPA won’t be such a momentous initiative. If you want to see the differences between the two, here’s a helpful CCPA and GDPR comparison guide from the Future of Privacy Forum. But to the point: CCPA will be the toughest data privacy law in the United States.

The CCPA aims to provide enhanced privacy rights and consumer protection for California residents. It gives these residents numerous rights around their data. Some of the new rights they have include:

  1. Businesses must disclose the personal data collected, sold, or disclosed for a business purpose about a consumer. They must also inform consumers of the categories of personal data collected and the purposes for which their personal data will be used.
  2. Businesses must not discriminate against a consumer who exercises their CCPA rights. That runs the gamut from pricing and quality to service levels and more.
  3. Provide the consumer with access to their data.
  4. Upon request, delete personal data of the consumer. If you have shared that personal data with a third party, they must also delete that data.
  5. Provide the consumer with the ability to opt out. You must give them the right to opt out of the sale of their personal data. Part of this includes easy-to-use links to do that from your website.

The CCPA may apply to you if you are a business that collects the personal data of California consumers and does business in California. That means there are a huge number of businesses that are now in scope for this regulation. If you are one of those businesses, then each of those five items listed above means you have a lot of work to do.

What is considered personal data under CCPA?

Since personal data is what drives everything, it’s crucial to fully understand what CCPA considers personal data. Like GDPR, CCPA takes a far-reaching approach to what it regards as personal data. Section 1798.140(o)(1) of the CCPA bill defines personal information as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

That section includes the standard identifiers such as name, address, passport number, social security number, driver’s license number, and much more. But it also extends into other information such as biometric data, audio, electronic, visual, thermal, olfactory, or similar information, Internet or other electronic network activity information, geolocation data, and lots more. And I mean lots, lots more. In fact, it might be easier at first to say what’s not personal data than to define what is.

Start working on your CCPA compliance plan

For any business of substantial size, it’s highly likely that you are in scope for CCPA. Don’t think of trying to play wait and see with CCPA. It’s not going away, and hoping it does will prove a foolish business decision. The EU has recently issued hundreds of millions in fines against companies for GDPR violations. The State of California will have similar enforcement capabilities. CCPA is not poker and there’s no way to bluff yourself out of it.

CCPA is huge. Read the details and it’s easy to see that CCPA requires firms to make major infrastructure changes. CCPA mandates a significant number of new processes around data collection. It requires significant reengineering and rearchitecture of how personal data is handled.

If you think you are in scope for CCPA, take a few days to read everything you can on the topic. The more educated you are about the act, the better you can deal with it.

And for a deeper dive on this subject, check out my on-demand webinar here.

Ben Rothke, Senior Security Consultant, Nettitude

Ben Rothke (@benrothke) is a senior security consultant with Nettitude and has over 15 years of industry experience in information systems security and privacy. His career incorporates a successful track record across corporate and consulting roles, securing IT assets for numerous Fortune 1000 companies.

He is the author of Computer Security - 20 Things Every Employee Should Know (McGraw-Hill) and a speaker at industry conferences, such as RSA and MISTI, and holds numerous industry certifications.
