Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Cybersecurity Response to the California Consumer Privacy Act

By Armistead Whitney
CCPA
March 5, 2020
If you’re familiar with the world of cybersecurity and privacy, you’ve likely heard of the California Consumer Privacy Act (CCPA), a comprehensive consumer protection law intended to enhance privacy rights and consumer protection for residents in the state. This groundbreaking privacy law has set a new world of cybersecurity compliance into motion and shows no signs of slowing down.
 
2020 is here and companies that fall under CCPA requirements need to take immediate actionable steps now. While many companies are aware that they are subject to the law, 85 percent say they have only partially implemented policies to comply or have done nothing to prepare, according to a recent poll conducted by cybersecurity management software provider, Apptega. Non-compliant businesses will not only face hefty fees but potentially adverse impacts to their brand, a loss of customers and negative PR. What’s even more concerning is many companies don't know what data they even have on individuals or what they are doing with it.
 

Who Does CCPA Impact?

CCPA has far-reaching impacts on many businesses and business activities. Many of the impacted parties were not formerly subject to US privacy rules and regulations. Contrary to what the name might suggest, the law is not limited to companies with a physical operation in California. Instead, it applies to any for-profit entity that meets the following criteria:
  • Has a gross annual revenue of $25 million or more.
  • Annually purchases or receives for commercial purposes, or sells or shares for commercial purposes, personal information for 50,000 or more consumers, households, or devices in the state of California.
  • Or generates 50 percent or more of their annual gross revenue from selling personal information.
 

Impact to Companies that Handle Data

CCPA poses additional personal information concerns for companies that handle data. These include:
  • CCPA requires companies with joint partnerships or who are sharing emails with third parties to comply with the same regulations
  • CCPA-mandated companies have to allow users to opt-out and must offer several notification methods
  • CCPA-mandated companies cannot discriminate against users who choose to opt-out of the sale of information
 

Understanding Recent Amendments to CCPA

CCPA’s requirements are constantly being amended and changed. Following are a few recent amendments.
  1. AB 25 exempts employee data and beneficiary and emergency contact data from CCPA’s scope until January 21, 2021. Companies must still provide a privacy notice to employees, as well as the direct right of action in case of breach.
  2. Amendment AB 874 spells out the definition of personal information by clarifying that personal information does not include de-identified or aggregated consumer information.
  3. Amendment AB1564 permits a business that operates exclusively offline and has a direct relationship with a consumer from whom it collects personal information to only provide an email address for submitting requests to exercise various CCPA rights. Also, a FCRA expansion clarifies that as long as you’re meeting the requirements for FCRA, it is exempt from CCPA.
  4. Amendment AB1146 exempts vehicle information shared between a new auto dealer and a vehicle manufacturer when information is shared or retained pursuant to, or in anticipation of, a vehicle repair relating to warranty work or recall.
  5. Amendment AB1355 adds an exclusion of de-identified and aggregate information from the definition of personal information with other clean-up changes. This amendment includes a B2B exception until January 21, 2021 for information collected in the context of the business of conduction due diligence regarding a company, nonprofit, or government agency, or the information is collected in the provision or receipt of a product or service to or from a company, nonprofit, or government agency. Also, as part of the new amendments, new requirement AB 1202 defines and requires data brokers to register as a data broker and provide certain information to the attorney general.
 

Tips to Comply to CCPA

CCPA specifies non-compliant companies could have fines of up to $750 per individual consumer in civil court and fines up to $7,500 per incident by the attorney general. And for data breach cases identified as negligent, fines of $100 to $750 per infraction per record can be enacted. For example, an organization breached under CCPA with 50,000 exposed individual records could garner a fine of over $30 million dollars. Following are tips to help
impacted businesses comply.
 

1. Understand Whether CCPA Applies to Your Business

If your business meets the criteria, you’ll have to implement CCPA regulations. If your company does not meet any one of the three thresholds, your business won’t be affected by the law and is not legally required to adhere to these requirements. Despite this, make sure you’re keeping up with digital consumer privacy laws, as they change frequently state-by-state, and your business may be required to abide by them at some point.
 

2. Understand Platforms as They Relate to Your Web Properties

According to the CCPA law, the owner and operator of a website that allows the collection or sharing of data is responsible for the security of all personal information collected, sold, or shared on the site, including the actions of third-party platforms loading in through other third parties. With this in mind, be sure to audit your web applications regularly. You should understand how they are being loaded and what they do with data. This makes it  easier to comply with CCPA guidelines.
 

3. Develop a Plan to Respond to Data Subject Requests

As consumer privacy concerns become more rampant in the digital world, it’s critical for you to begin building out your data subject access request plan. This is especially important, given that CCPA requires a 12-month recall period. While there are many different ways to respond to this, the most important thing is to focus on something that allows for both consumer privacy and compliance of your business.
 
 
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.
KEYWORDS: California Consumer Privacy Act (CCPA) cyber security cybersecurity data security privacy concerns

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Whitney armistead
Armistead Whitney is the founder and CEO of cybersecurity management software company, Apptega. Whitney has over 25 years of experience as a CEO and entrepreneur in creating and leading enterprises in the security, software and Internet industries.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • CCPA

    The California Consumer Privacy Act: Everything We Know with Six Months to Go

    See More
  • SEC0919-Edu2-Feat-slide1_900px

    What Do You Need to Know About the California Consumer Privacy Act?

    See More
  • consumers using california consumer privacy protection act right away

    Research shows how consumers are using the California Consumer Privacy Act

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • s and the law.jpg

    Surveillance and the Law: Language, Power and Privacy

  • 9780367667887.jpg

    Surveillance, Privacy and Security

See More Products

Events

View AllSubmit An Event
  • September 19, 2024

    Mastering the Fundamentals: Mitigation, Prevention, and Response to Violence

    ON DEMAND: Organizations face a plethora of threats, including altercations, overdoses, robberies, intruders, angry clientele, and active shooters. Mastering the fundamentals of safety is key to reducing all forms of violence and disruption, not only in the K-12 space but in other industries as well.  
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!