With the European Union's General Data Protection Regulation (GDPR) implementation on May 25, 2018, a somewhat similar type of regulation will shortly be introduced in the United States, as well. Known as the California Consumer Privacy Act (CCPA) is expected to come into effect on January 1st, 2020, adding several new regulations regarding consumers' data.

Among these regulations, we can expect things like the rights of consumers to know what data about themselves is being collected, the right to deny the sale of that information, as well as the right to delete that data. They are also entitled to know the commercial purpose of their information, to know which third-parties will have access to it, as well as the private right of action when companies breach that data.

For companies to prepare themselves for the upcoming implementation of the CCPA, they need to be aware of the regulations and assess the business risks that may come attached. Below are several ways for your company to prepare for the California Consumer Privacy Act.

Updating Your Privacy Policy

One of the many new requirements of the CCPA is for every business having to deal with California residents is to update their privacy policies so that they include the residents' rights. You will need to have this ready before the act goes into effect on January 1st, 2020.

Leverage the GDPR

With many similarities between the GDPR and CCPA like subject data rights of access, portability, or erasure, companies can leverage their GDPR program now to prepare themselves for the upcoming CCPA better. To do this, you can use a Compliance Manager to ensure that you are up to code for both the GDPR and CCPA.

Mapping Your Data and Sources

One critical aspect that needs special consideration is your data inventories. You will need to map every piece of personal information about your customers, gathered by either your marketing or sales teams. Once this is complete, you will have to make sure that it's prepared for access, portability, and deletion requests from your clients. You will also need to make sure that your marketing software vendors are also able to fulfill these obligations. If not, it would be wise to switch to more privacy-oriented vendors.

Use Encryption to Protect Sensitive Information

The CCPA will impose penalties for data breaches of consumers personal information. When it comes to the GDPR and CCPA, encryption is seen as a useful and effective method of protecting such personal information from unauthorized parties in the event of a data breach.

Verify Your Third-Party Data Sources

Companies will also need to reevaluate those from who they buy customer data. These third parties need to be legitimate; otherwise, you may be subject to hefty fines since this is considered as operating on breached or stolen data.


To comply with the California Consumer Privacy Act, it's best that you find a partner that will help you navigate the path forward. Managed Solution will help ensure that you are in compliance with all the requirements of CCPA. Contact us today!

[vc_row][vc_column][vc_empty_space][vc_column_text]San Diego, CA, February 6, 2019. Athena San Diego hosted a panel of data privacy experts to discuss how changes in privacy, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) affect businesses in the US.

Data privacy experts that shared their knowledge and experience with the audience:

  • Reem Allos, Senior Associate, KMPG
  • Robert Meyers, Director of Systems Architecture, Managed Solution
  • Marines Mercado, Sr Privacy Analyst, ResMed
  • Chris Vera, Manager, Office of Customer Privacy, SDGE

The field of privacy is changing. Consumers are now demanding privacy and noticing how their data is being used, and as a result they are taking back the control over their own data.  In addition, the laws are holding companies more accountable to respect the privacy of their consumers.

The reality is, data privacy laws are going to apply to your business sooner or later, no matter where you are in the world. Therefore, being informed and ready to comply with the laws is crucial for your business to thrive in the future and establish trust with your consumers.

Robert Meyers, Director of Systems Architecture at Managed Solution explained that the number one challenge that companies face is knowing what data they are collecting in the first place: “The challenges arise when you are keeping data that you do not need anymore. Do not be a data pack rat, know what you have and delete what you do not need.”

The debate was very lively as the audience had a lot of questions and examples for the panel, demonstrating that new data privacy laws bring uncertainty. Therefore, every business should make sure they know in what way the privacy laws affect them and the data they collect and store.[/vc_column_text][grve_callout button_text="Apply here" button_link="url:https%3A%2F%2Fmanagedsolut.wpengine.com%2Fcontact-us%2F||target:%20_blank|"]To help you make first steps towards the CCPA, we offer a free 30 min consultation with our data privacy guru Robert Meyers, CISM, CIPP/E.[/grve_callout][/vc_column][/vc_row]

The purpose of the California Consumer Privacy Act of 2018 is to force changes onto enterprises that deal in personal data. The Act was passed by the California state legislature and was signed by its governor in June 2018. The bill grants consumers the right to request a business to disclose specific pieces and categories of personal information that they collect about them, the types of information sources, and the business purposes for collecting or selling the information. The bill becomes active on January 1st, 2020.

States and countries are taking consumer rights and personal data privacy more seriously.

Who is Liable for Compliance with the Consumer Privacy Act of 2018?

If your business meets these thresholds, then it is liable for compliance:

  • Annually receives for business’ commercial purposes, buys, shares or sells for commercial purposes, in combination or alone, the personal information of 50,000 consumers, devices, or households.
  • Derives 50% or more of its annual revenues from selling personal information of their consumers.
  • Has annual gross revenues larger than $25 million.

Here are some details of the Consumer Privacy Act of 2018, both from the business and consumer standpoint.

The Business Standpoint

  • The Consumer Privacy Act applies to any business that collects consumer’s personal information. It includes both large corporations (with brick-and-mortar and online stores) and smaller companies that meet the above thresholds. Even if a business doesn’t fit the monetary limit (i.e., small business with a modestly popular app or website), the Act may be applied.
  • For a business to comply with this new legislation, it will need to implement new infrastructure to handle their consumer request. Also, it will need to alter their website to comply with the bill. It will increase the cost of doing business for some companies.
  • Can a business charge differently based on consumers choosing to exercise their rights? There’s some confusion about that. A part of the bill says that businesses cannot charge different prices if a consumer exercised their right, but nothing seems to prevent a company from doing that. We’ll have to wait to see what will unfold over time.
  • An enterprise can offer consumers an incentive for collecting, selling and deleting personal information. To achieve this, consumers would have to provide their consent (which they can revoke at any time.)

The Consumer’s Standpoint

  • A consumer has the Right of Access – they can request a business that collects personal information to disclose the specific pieces and categories of personal information that the company has collected.
  • Also, a consumer can exercise the Right of Deletion. They can request the business to delete any personal information it has collected.
  • A consumer has the right to know to whom their personal information was sold. Businesses are obligated to release information about how and to whom they disclosed or sold the consumer’s personal information.
  • The consumer gains more control over how their personal information is collected, sold, or used.

Businesses need to be prepared, as the California Consumer Privacy Act of 2018 is coming into compliance in about a year. The majority of companies will be affected by these changes in conducting business in California (and other states will inevitably follow.) Businesses can’t afford to delay their response both to the GDPR and the 2018 Consumer Privacy Act.

Contact Managed Solutions to get help in preparing for the California Consumer Privacy Act of 2018 compliance.

Contact us Today!

Chat with an expert about your business’s technology needs.