The CCPA does not demand much in the way of security requirements and breach notifications when compared with the GDPR. However, the law takes a broader view of what constitutes private data.
The CCPA does not define specific technical requirements, besides encryption and redaction, for how customer data is to be stored and secured. But it does give consumers the right to take action over data breaches that result from a company's failure to secure their personal data. To this effect, consumers can sue companies if the privacy guidelines are not met, even if this did not result in a breach. However, both the GDPR and the CCPA state that litigation applies only to unencrypted sensitive data that is disclosed or lost, for whatever reason, making data encryption an important privacy protection component for businesses.
As an award-winning, globally trusted IT security company, Sophos recommends that organizations follow the security best practices below to stay within the safety realm of the CCPA compliance checklist.