Sophos supports efforts to comply with the CCPA


The California Consumer Privacy Act (CCPA) was established in June 2018. The law became effective on January 1, 2020, and was fully enforced from July 1, 2020. The CCPA is a result of the major data breach incidents of the last few years, the Cambridge Analytica scandal being the most important one, which pushed the state of California to quickly develop and pass the CCPA policy and legislation. Sophos recommends that organizations follow security best practices to stay within the safety realm of the CCPA compliance checklist.

Secure personal data

Protect stored personal data with full-disk encryption from Sophos Encryption. Validate user and device health before allowing access to applications and data with Sophos ZTNA. Secure sensitive data as it is transmitted with Sophos Email, Sophos Mobile, and Sophos Wireless.


Control access with multi-factor authentication

Identify and authenticate access to system components with Sophos Firewall, Sophos Central, and Sophos Mobile. Adopt the least privilege principle to limit access to corporate resources with Sophos Cloud Optix.


Plan your security incident readiness

Get super-fast cyber security incident response delivered by Sophos experts as a fully managed service with Sophos Managed Threat Response and Sophos Rapid Response.



California is the first state in the United States to pass a data privacy law, and this move is believed to set a precedent for other states in the US. Just like the GDPR, the main aim of the law is to give California consumers more control over their private data collected by companies.

CCPA vs GDPR: Know the Difference

Download the Security Best Practices for more details on how Sophos solutions help your efforts to stay within the safety realm of the CCPA compliance checklist.

CCPA Security Best Practices

CCPA and IT Security: A Refresher

The CCPA does not demand much in terms of security requirements and breach notification when compared with the GDPR. However, the law takes a broader view of what constitutes private data.

The CCPA does not define specific technical requirements, besides encryption and redaction, for how to store and secure customer data. However, it does give customers the right to take action over data breaches that result from a company's failure to secure their personal data. To this effect, consumers can sue companies if the privacy guidelines are not met, even if this did not result in a breach. However, both the GDPR and the CCPA mention that litigation applies only to unencrypted sensitive data that is disclosed or lost, for whatever reason, making data encryption an important privacy protection component for businesses.

What are you waiting for?

Let our experts at Sophos help to build the right solution for your needs.

Contact Us