Skip to content

Are you ready for HIPAA 2.0? Find out…

Close
  • Products
    • Products

      • Governance Suite Use Spirion’s suite to enhance data security posture management
      • Sensitive Data Platform Scan, classify, remediate using SaaS solution
      • Sensitive Data Finder Automate Subject Rights Request processing
      • Sensitive Data Watcher Actively monitor and understand your data
      • Sensitive Data Manager Scan, classify, remediate using on-premise solution
    • Learn more

      • Data Security Posture Management Identify security and privacy risks wherever data lives and secure where it travels.
      • Data Risk Assessment Proactive audit – discover how your org protects its sensitive data before a data breach occurs
      • Data Impact Assessment Reactive audit – respond to an incident for swift and accurate data breach mitigation
      • Privacy-Grade™ Compliance and privacy standards that set the bar for sensitive data protection.
    • Technology

      • CADIA Advanced ML/AI to accurately discover and classify sensitive data
      • AnyFinds™ Minimize false positives and deliver accurate matches
      • Interrogated Platforms More data sources than anyone including both unstructured and structured data
      • Marketplace Integrate with security tools and explore resources to boost data protection
      • Governance Framework Outlines key stages of readiness to safeguard sensitive data and maintain compliance.
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Solutions
    • Industry Solutions

      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases

      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance

      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPAA
      • The New York SHIELD Act
      • PCI DSS
      • Other
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Resources
    • Resources

      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise

      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management?
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities

      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Partners
  • Customers
    • Customers

    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • Company

    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Search
  • Contact
 Build your own demo
Build your own demo
  • Products
    • Governance Suite
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
    • Sensitive Data Manager
    • Learn more
      • Data Security Posture Management
      • Data Risk Assessment
      • Data Impact Assessment
      • Privacy-Grade™
    • Technology
      • CADIA
      • AnyFInds™
      • Interrogated Platforms
      • Marketplace
      • Governance Framework
  • Solutions
    • Industry Solutions
      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases
      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance
      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPPA
      • The New York SHIELD Act
      • PCI DSS
      • Other
  • Resources
    • Resources
      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise
      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities
      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
  • Partners
  • Customers
    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Contact
Build your own demo
Hero Starlight Image
  • The California Consumer Privacy Act (CCPA)

  • Section 100Consumer Request for Disclosure of Personal Information Collected by a Business
  • Section 105Deletion of Personal Information Collected by a Business; exceptions
  • Section 110Disclosure of Personal Information Collected by a Business; includes particulars
  • Section 115Disclosures in Connection With the Sale of Personal Information
  • Section 120Consumer’s Right to Opt-Out of Sale of Personal Information
  • Section 125No Discrimination Against Consumers
  • Section 130Consumer Submition of Requests for Information
  • Section 135Do Not Sell My Personal Information
  • Section 140Definitions
  • Section 150Information Security
  • Section 155Attorney General Opinions
  • Section 160Consumer Privacy Fund
  • Section 175Furthering the Constitutional Right of Privacy
  • Section 180Preemption of Local Law
  • Section 185Regulations to Further the Purposes of the Act
  • Section 190Circumvention of the Act
  • Section 192Waiver or Limitation of Consumer’s Rights
  • Section 194Liberal Construction of the Act
  • Section 196Preemption by Federal Law or the California Constitution
  • Section 198January 1, 2020 Operative Date
  • Section 199Operative Date of Section 180
Key Issues

The California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act of 2018 (“CCPA” or “the Act”) became effective on January 1, 2020, and is codified at §§1798.100-199 of the Civil Code. The Act offers new and wide-ranging privacy rights for California residents, including a right to be informed about personal data collected by a business and rights to access and delete that information, a right to prevent personal information from being sold to third parties, and a right to data portability. The law applies to all business that collect or use this personal information, not just those companies operating in California. The California Attorney General may bring actions for civil penalties of up to $7,500 per violation and there is a limited private right of action for individual victims of data breaches for penalties ranging between $100-750 per violation.

In September of 2018, then-California Governor Jerry Brown signed into law S.B. 1121, which amended the CCPA by correcting grammatical and spelling errors, clarifying some aspects of the law, and making several substantive changes. Aspects that were clarified include:

  • Information that nominally falls under one or more of the categories of “personal information” cited
    in §140(o)(A)-(K) is only personal information if it “identifies, relates to, describes, is capable of being
    associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or
    household”
  • The consumer private right of action only applies to violations of §150(a), which addresses security
    procedures and practices
  • The Act does not apply if it is conflict to with the U.S. Constitution

Substantive changes include:

  • Allowing a business to disclose the consumer’s right to deletion of his/her personal information in a form that is “reasonably accessible to consumers”; previously, the Act required such information to be listed on a business’s website or in its privacy policy
  •  Exempting personal information collected under the California Financial Information Privacy Act; this is in addition to personal information subject to the Gramm-Leach-Bliley Act, which was already exempt under the CCPA
  • Exempting health care providers and covered entities “to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information” as it does under the Confidentiality of Medical Information Act (California’s HIPAA analog) or under HIPAA

In October of 2019, California Governor Gavin Newsom signed into law several bills passed by the California legislature that address data protection and most of which were directed at the CCPA. Overall, the substance and strength of the Act remains the same but there are some additions and caveats that merit review by data protection professionals:

  • A.B. 1202. Data brokers. Data brokers must now register with the California Attorney General’s
    office.
  • A.B. 25. CCPA amendment. One-year exemption for “employee” data.
  • A.B. 874. CCPA amendment. Adds “reasonably” to the definition of “personal information.”
  • A.B. 1355. CCPA amendment. One-year exemption for “business-to-business” data; numerous drafting errors corrected.
  • A.B. 1146. CCPA amendment. Exemption for certain information related to motor vehicle repairs
    and recalls.
  • A.B. 1130. Breach notification. Adds new types of personal data subject to the state breach notification statute.

Below is an unofficial version of the Act that incorporates all previous amendments.

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

social icon
Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →

  • Products
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
  • Solutions
    • What is sensitive data discovery?
    • What is data loss prevention?
    • What is data classification?
    • Security Use Cases
  • Compliance
    • News
    • Services
  • Need Help?
    • Customer Portal
    • 646-863-8301​​​​​​​​​​​​​​​​​​​​​
    • 3030 North Rocky Point Drive West,
      Suite 470
      Tampa, FL 33607
LATEST BLOG POSTS
  • Top 7 Data Classification Best Practices for Businesses
  • Understanding Sensitive Data Identification and Its Importance to Your Organization
  • Meeting Compliance Requirements with Spirion – Why DLP Alone Isn’t Enough

© 2024 Spirion, LLC. All Rights Reserved

  • Legal
  • Privacy
  • Sitemap