Getting Started on the California Consumer Privacy Act

Getting Started on the California Consumer Privacy Act

by Paul Lanois, SSCP, CIPP, CIPT, CIPM, Member of the (ISC)² Advisory Council of North America Privacy Working Group


If you have spent any amount of time online recently, then it is extremely likely that you have already heard about the General Data Protection Regulation (the "GDPR"), the European regulation which came into effect on May 25, 2018 and which governs data protection or individuals which have their personal data processed or stored by an organization within the European Economic Area (EEA). Meanwhile, information management professionals are likely to remain very busy in the coming months with the upcoming California Consumer Privacy Act of 2018 (the "CCPA") which can be considered as the most far-reaching data privacy law in the United States so far.


The CCPA is California's new privacy legislation that gives greater privacy rights to Californian residents and creates new obligations on relevant businesses. It shares a number of similarities with GDPR, while maintaining a number of differences with GDPR. There are some overlaps between the two laws and, indeed, the GDPR appears to have been the inspiration behind the CCPA. A large amount of work performed in connection with GDPR preparation provides effective foundations for CCPA compliance, although organizations should also bear in mind the distinctions between both legislations.


The CCPA was passed by the California State Legislature and signed into law by Governor Jerry Brown on June 28, 2018. It enters into effect on January 1, 2020, with enforcement to begin six months after the adoption of the California's Attorney General's regulations, or July 1, 2020, whichever is sooner.


Who does t ..