In 2018, when businesses were preparing for the European Union’s General Data Privacy Regulation (GDPR), California quietly and quickly passed its own legislation: the California Consumer Privacy Act (CCPA). This regulation, with its emphasis on consumer privacy rights, has an interesting history of grassroots consumer advocacy coupled with swift legislative action provoked by the fear of a ballot initiative. But what security professionals may have missed is that the CCPA contains a surprise in the form of a provision devoted to “reasonable” cybersecurity procedures and policies.
Many businesses hope that the CCPA will change — serious amendments remain in the California legislative pipeline and should hit the governor’s desk this fall. However, the meat of the CCPA will likely remain the same. Now is the time to start preparing, especially for the cybersecurity standards, as the regulation goes into effect on January 1, 2020, with enforcements starting July 1, 2020.
Who Is Affected?
Not every business is covered by the CCPA; instead, it defines affected businesses in this way:
- Businesses with annual gross revenues in excess of $25 million dollars
- Those that purchase, sell, or share data from more than 50,000 consumers, households, or devices
- Those that derive 50% or more of their annual revenue from selling consumers’ personal information
There is no physical requirement for businesses to be based in California. If your business interacts with California residents — even through a website — and has gross revenues in excess of $25 million, you should start preparing for the CCPA.
The Hidden Security “Duty” in the Private Cause of Action
Tucked into the CCPA’s provision on consumers having a private right of action to sue businesses when their “nonencrypted or nonredacted personal information” is subjected to “unauthorized access, theft, or disclosure” is the security requirement. The CCPA specifies that people can sue “as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.” This is, in effect, a regulatory mic drop. Suddenly, baked into the CCPA is a business’s “duty” to maintain “reasonable security procedures and practices” appropriate to the sliding scale of the sensitivity of the information. Unfortunately, those reasonable security procedures and practices are left undefined in the CCPA itself.
The CCPA now specifies penalties of $100 to $750 per incident per consumer plus actual damages plus injunctive relief. However, now a judge may consider a defendant’s “assets, liabilities, and net worth” in determining the damages.
Defining Duty and Reasonable Measures from Earlier California Laws
Arguably, under California common law (made by cases rather than by statutes), the duties articulated in the CCPA already existed. In 2016, the Office of the Attorney General in California published a document called the “Data Breach Report.” The Attorney General’s Data Breach Report articulated reasonable security practices, citing the Center for Internet Security’s 20 security controls as the baseline for an information security program.
Without additional guidance from the California legislature or Attorney General, businesses will need to build reasonable security measures from additional sources, including the National Institute of Standards and Technology’
But that’s not enough; the CCPA also states that a business must have various policies in place as well. The Act remains silent as to what policies beyond specific mentions of updating privacy policies, but it is clear that the Act also intends that businesses dust off ancient incident response plans, bring your own device policies, and various other security policies to make certain they are up to date.
What to Do Now
Reach out for help. Start by consulting with a lawyer to create a compliance plan of attack based on your business needs. This doesn’t need to be expensive, but it’s time to pick up the phone and ask questions. Many businesses took data inventories to comply with GDPR and now it’s time to begin that process again, searching out California resident data. Specifically, this summer you should look hard at your security program to see if it would be considered reasonable to a California judge and jury. If the answer is no, use the CCPA as the impetus to begin in earnest the changes necessary to bring your business into compliance.
Related Content:
Beth Burgin Waller is a lawyer who knows how to navigate between the server room and the board room. As chair of the cybersecurity & data privacy practice at Woods Rogers, she advises clients on cybersecurity and on data privacy concerns. In this capacity, she … View Full Bio
More Insights
Like!! Thank you for publishing this awesome article.
It is really a great and useful piece of info. I am glad that you shared this useful info with us. Please keep us informed like this. Thanks for sharing.
Perfect just what I was looking for! .
Hi there everyone, I am sure you will be enjoying here by watching such comic video lessons.
I am constantly thought about this, thanks for putting up.
Thank you for all of your efforts on this web page. My aunt really likes carrying out investigations and it’s really obvious why. A lot of people hear all concerning the dynamic mode you deliver great thoughts through the web site and boost response from some others on this subject so our favorite child is without a doubt being taught a great deal. Take pleasure in the remaining portion of the new year. You are performing a superb job.
Thanks for your posting. One other thing is individual American states have their unique laws in which affect property owners, which makes it quite hard for the our lawmakers to come up with a fresh set of rules concerning foreclosure on people. The problem is that a state possesses own legislation which may have interaction in an adverse manner in terms of foreclosure insurance plans.
very interesting subject , great post.
I love foregathering utile info, this post has got me even more info! .
—
Hello. impressive job. I did not anticipate this. This is a fantastic story. Thanks!
Youre so cool! I dont suppose Ive read something like this before. So good to seek out somebody with some authentic thoughts on this subject. realy thanks for starting this up. this website is something that is wanted on the internet, someone with a little originality. useful job for bringing something new to the internet!
Hello, I just wanted to say, you’re wrong. Your blog doesn’t make any sense.
|When I desire to place gallery or LightBox or even a slider on my website I forever attempt to use jQuery script for that.
I have really learned some new things via your site. One other thing I would really like to say is that newer computer system operating systems tend to allow extra memory to get used, but they as well demand more memory simply to perform. If people’s computer cannot handle more memory plus the newest program requires that ram increase, it is usually the time to shop for a new Laptop or computer. Thanks
Nice blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustements would really make my blog jump out. Please let me know where you got your design. Kudos
Incredible points. Great arguments. Keep up the great spirit.
Hello every buddy, itís a fantastic fun at at this place viewing these funny YouTube movies at at this place, nice data, thanks to admin
Hello there, simply was aware of your weblog through Google, and located that it’s truly informative. I’m going to watch out for brussels. I will appreciate in case you proceed this in future. A lot of people shall be benefited from your writing. Cheers!
Regards for sharing the information with us.
I conceive this internet site has got very superb pent articles articles.
I think other web site proprietors should take this website as an model, very clean and magnificent user genial style and design, let alone the content. You are an expert in this topic!
Thanks for sharing superb informations. Your web-site is very cool. I’m impressed by the details that you’ve on this blog. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for extra articles. You, my friend, ROCK! I found just the info I already searched everywhere and simply couldn’t come across. What an ideal website.
This site truly has all the information I wanted about this subject and didn’t know who to ask.
I am really enjoying the theme/design of your site. Do you ever run into any internet browser compatibility problems? A number of my blog visitors have complained about my site not operating correctly in Explorer but looks great in Firefox. Do you have any advice to help fix this problem?
It’s really a nice and useful piece of information. I am glad that you shared this helpful info with us. Please keep us up to date like this. Thanks for sharing.
Hello to all, I am also actually keen of learning Personal home pages programming, except I am new one, I always used to read articles related to Personal home page programming.
Hello everybody, I am sure you will be enjoying here by watching such funny movies.
Good – I should definitely pronounce, impressed with your website. I had no trouble navigating through all tabs and related info ended up being truly simple to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or anything, website theme . a tones way for your customer to communicate. Excellent task..
Very interesting subject , regards for putting up.
“one of our guests lately suggested the following website”
I have been surfing online more than 3 hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. In my view, if all web owners and bloggers made good content as you did, the web will be much more useful than ever before.
Thank you for your article.Really thank you! Much obliged.
Very informative post.Really thank you! Really Cool.
Heya i’m for the first time here. I found this board and I find It really useful & it helped me out much. I hope to give something back and aid others like you helped me.
Very informative article.Thanks Again.
A big thank you for your post.Much thanks again. Great.
Very neat post.Thanks Again. Really Great.
Hello, I just wanted to tell you, you’re dead wrong. Your article doesn’t make any sense.
I really liked your article.Thanks Again. Will read on…
Say, you got a nice article.Much thanks again. Really Great.
Good day! Do you use Twitter? I’d like to follow you if that would be ok. I’m definitely enjoying your blog and look forward to new posts.
Im thankful for the blog post.Thanks Again. Want more.
Very good blog article.Thanks Again. Keep writing.
Enjoyed every bit of your post.Much thanks again. Want more.
A big thank you for your article post.Really looking forward to read more. Great.
Great, thanks for sharing this blog post.Much thanks again. Fantastic.
I value the blog article. Great.
Say, you got a nice blog post.Thanks Again. Much obliged.
Thanks to my father who informed me about this blog, this weblog is in fact awesome.
Thanks again for the article.Really looking forward to read more. Keep writing.
I loved your blog article. Really Great.
Really informative article.Much thanks again.
wow, awesome blog.Thanks Again. Fantastic.
Rattling clear site, regards for this post.
Great blog article. Want more.
Awesome blog post.Thanks Again. Really Cool.
Thanks again for the post. Keep writing.
I really liked your article post.Thanks Again. Keep writing.
Great, thanks for sharing this article.Really thank you! Great.
I loved your blog.Thanks Again. Keep writing.
Awesome article post.Thanks Again. Much obliged.
A round of applause for your article post.Thanks Again. Really Cool.
Interesting post right here. One thing I’d like to say is that most professional job areas consider the Bachelor’s Degree as the entry level standard for an online college diploma. Even though Associate Certifications are a great way to get started, completing your Bachelors opens many entrance doors to various employment opportunities, there are numerous internet Bachelor Diploma Programs available through institutions like The University of Phoenix, Intercontinental University Online and Kaplan. Another thing is that many brick and mortar institutions give Online variations of their college diplomas but generally for a considerably higher fee than the providers that specialize in online qualification plans.
Appreciate you sharing, great blog article.Much thanks again. Much obliged.
I cannot thank you enough for the blog.Really thank you! Really Great.
A big thank you for your blog post. Keep writing.
Thanks so much for the blog article.Thanks Again. Cool.
Very good post.Thanks Again. Really Great.
This is one awesome blog.Much thanks again.
I really like and appreciate your blog post. Awesome.
wow, awesome blog article.Really looking forward to read more. Awesome.
What i don’t realize is in fact how you are no longer really much more well-appreciated than you might be right now. You are very intelligent. You know thus significantly in terms of this matter, produced me individually believe it from so many varied angles. Its like women and men are not interested except it is one thing to do with Woman gaga! Your individual stuffs nice. At all times deal with it up!
Thank you ever so for you post.Thanks Again. Great.
Major thanks for the blog article.Really looking forward to read more. Really Cool.
Thank you ever so for you article post.Really looking forward to read more. Keep writing.
Say, you got a nice article post.Thanks Again. Really Cool.
I loved your blog post. Much obliged.
Major thanks for the article. Great.
This is one awesome article.Really looking forward to read more. Really Great.
Thanks for sharing, this is a fantastic blog post.Much thanks again. Want more.
I appreciate you sharing this blog post.Much thanks again. Want more.
WONDERFUL Post.thanks for share..more wait .. …
Im obliged for the post.Really thank you! Want more.
Really informative blog post.Thanks Again. Cool.
Major thanks for the blog article.Really looking forward to read more. Really Cool.
Major thanks for the article.Really thank you! Really Cool.
A round of applause for your article.Really looking forward to read more. Want more.
Hey, thanks for the blog article.Really looking forward to read more. Want more.
Major thanks for the article post. Much obliged.
some truly interesting details you have written.
Great, thanks for sharing this article.Much thanks again. Great.
I loved your post.Really looking forward to read more. Will read on…
Really informative blog post.Really thank you! Much obliged.
The next time I read a blog, I hope that it doesnt disappoint me as much as this one. I mean, I know it was my choice to read, however I actually thought youd have one thing interesting to say. All I hear is a bunch of whining about something that you could possibly repair when you werent too busy on the lookout for attention.
Looking forward to reading more. Great post.
This is one awesome blog article.Really looking forward to read more. Fantastic.
A big thank you for your blog.Thanks Again. Great.
I believe that avoiding refined foods is the first step in order to lose weight. They may taste excellent, but refined foods contain very little vitamins and minerals, making you take more only to have enough strength to get throughout the day. Should you be constantly feeding on these foods, moving over to whole grains and other complex carbohydrates will make you to have more energy while feeding on less. Good blog post.
I really enjoy the article.Thanks Again. Really Cool.
Great blog post. Much obliged.
Thanks a lot for the article post.Thanks Again. Awesome.
Hi friends, how is the whole thing, and what you desire to say regarding this post, in my view its truly remarkable designed for me.
I truly appreciate this blog article. Great.
Very informative blog post. Awesome.
[email protected]
I believe everybody went like Ones New website, reason being things like this site without doubt has a article on quality. I loved read A New content. go on To remain a useful article, I will avail Once more by One additional time. Bless you.
Wow, great blog article.Much thanks again. Awesome.
Great, thanks for sharing this article.Thanks Again. Want more.
A round of applause for your article post.Really looking forward to read more. Keep writing.
Thanks-a-mundo for the post.Much thanks again. Cool.
I appreciate you sharing this article post.Really thank you! Much obliged.
Thanks so much for the blog article.Really looking forward to read more.
Very neat post. Awesome.
What a nice YouTube video it is! Amazing, I loved it, and I am sharing this YouTube film with all my friends.
Thanks-a-mundo for the article post.Thanks Again. Really Great.
I truly appreciate this blog post.Thanks Again. Great.
Thanks for the blog article.Really looking forward to read more. Really Cool.
Really informative article post.Thanks Again. Really Cool.
This is one awesome blog. Great.
I think this is a real great blog post.Thanks Again. Fantastic.
This is one awesome blog. Will read on…
Fantastic post.Really thank you! Will read on…
wow, awesome article.Really thank you! Cool.
Wow, great article post.Really thank you! Awesome.
Im obliged for the blog post.Really thank you! Will read on…
I loved your blog.Really looking forward to read more. Cool.
Thanks so much for the blog article.Much thanks again. Much obliged.
Thanks for sharing, this is a fantastic blog article.Thanks Again. Want more.
Great blog article. Will read on…
This is one awesome blog. Great.
Wow, great article.Much thanks again. Awesome.
Thank you ever so for you post.Thanks Again. Will read on…
Im thankful for the blog article.Much thanks again. Great.
Very neat blog.Much thanks again. Keep writing.
I am so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this greatest doc.
Major thanks for the post.Really thank you! Much obliged.
I really enjoy the article post.Thanks Again. Really Great.
As soon as I observed this site I went on reddit to share some of the love with them.
I have realized that online degree is getting common because getting your degree online has become a popular selection for many people. A large number of people have not really had a possible opportunity to attend a regular college or university nevertheless seek the improved earning potential and career advancement that a Bachelor’s Degree provides. Still other people might have a diploma in one field but wish to pursue anything they already have an interest in.
Enjoyed every bit of your article post.Really thank you! Awesome.
This is one awesome blog article.Really thank you! Much obliged.
Hiya, I’m really glad I have found this information. Nowadays bloggers publish just about gossip and internet stuff and this is really frustrating. A good website with interesting content, this is what I need. Thank you for making this website, and I will be visiting again. Do you do newsletters? I Cant find it.
A big thank you for your post.Much thanks again. Awesome.
This is one awesome post.Really looking forward to read more. Much obliged.
Muchos Gracias for your blog.Really looking forward to read more. Awesome.
Im thankful for the blog article.Thanks Again. Really Great.
Major thanks for the blog post.Really looking forward to read more. Awesome.
Major thanks for the post.Thanks Again. Keep writing.
I am so happy to read this. This is the kind of manual that needs to be given and not the random misinformation that is at the other blogs. Appreciate your sharing this best doc.
Thanks for sharing, this is a fantastic blog post.Really thank you! Awesome.
I truly appreciate this blog.Really thank you! Much obliged.
Major thanks for the blog post.Really thank you! Keep writing.
Thanks so much for the post.Much thanks again. Awesome.
Major thanks for the blog post.Thanks Again. Great.
Thanks a lot for the article.Really looking forward to read more. Really Great.
Sharing some thing is better than keeping up-to our self, thus the YouTube video that is posted at this time I am going to share by my family and colleagues.
Thank you for your article.Thanks Again. Awesome.
You should take part in a contest for one of the highest quality websites online. I will recommend this site!
Thanks-a-mundo for the blog. Fantastic.
Good web site! I really love how it is easy on my eyes and the data are well written. I’m wondering how I could be notified when a new post has been made. I have subscribed to your RSS which must do the trick! Have a nice day!
Howdy would you mind sharing which blog platform you’re using? I’m going to start my own blog in the near future but I’m having a hard time selecting between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design and style seems different then most blogs and I’m looking for something completely unique. P.S My apologies for getting off-topic but I had to ask!
Great post! We will be linking to this great post on our site. Keep up the great writing.
Hey, thanks for the article.Really thank you! Keep writing.
Enjoyed every bit of your article post.Really thank you!
Just wanna input on few general things, The website style and design is perfect, the subject matter is real great : D.
Thank you for your article post.Much thanks again. Great.
This is one awesome blog post.Really looking forward to read more. Great.
Major thankies for the article.Really thank you! Cool.
Hi there to every one, the contents present at this site are truly remarkable for people experience, well, keep up the good work fellows.
This is the proper weblog for anyone who desires to find out about this topic. You understand a lot its almost exhausting to argue with you (not that I actually would need…HaHa). You positively put a brand new spin on a topic thats been written about for years. Nice stuff, just nice!
Wow that was strange. I just wrote an really long comment but after I clicked submit my comment didn’t show up. Grrrr… well I’m not writing all that over again. Anyway, just wanted to say excellent blog!
Hello, all is going perfectly here and ofcourse every one is sharing data, thatís really good, keep up writing.