The California Consumer Privacy Act (CCPA) was established in June 2018. The law became effective on January 1, 2020, and was fully enforced from July 1, 2020. The CCPA is a result of the major data breach incidents of the last few years, the Cambridge Analytica scandal being the most important one, which pushed the state of California to quickly develop and pass the CCPA policy and legislation. Sophos recommends that organizations follow security best practices to stay within the safety realm of the CCPA compliance checklist.
CCPA vs GDPR
California is the first state to pass a data privacy law in the United States, and this move is believed to set a precedent for other states in the US. Just like the GDPR, the main aim of the law is to give California consumers more control over their private data collected by companies.
CCPA and IT Security: A Refresher
The CCPA does not demand much around security requirements and breach notifications when compared with the GDPR. However, the law takes a broader view of what constitutes private data.
The CCPA does not define specific technical requirements, besides encryption and redaction, on how to store and secure customer data. However, it does give customers the right to take action over data breaches that result from a company's failure to secure their personal data. To this effect, consumers can sue companies if the privacy guidelines are not met, even if that failure did not result in a breach. However, both the GDPR and the CCPA mention that litigation applies only to unencrypted sensitive data that is disclosed or lost, for whatever reason, making data encryption an important privacy protection component for businesses.