Skip to content

Are you ready for HIPAA 2.0? Find out…

Close
  • Products
    • Products

      • Governance Suite Use Spirion’s suite to enhance data security posture management
      • Sensitive Data Platform Scan, classify, remediate using SaaS solution
      • Sensitive Data Finder Automate Subject Rights Request processing
      • Sensitive Data Watcher Actively monitor and understand your data
      • Sensitive Data Manager Scan, classify, remediate using on-premise solution
    • Learn more

      • Data Security Posture Management Identify security and privacy risks wherever data lives and secure where it travels.
      • Data Risk Assessment Proactive audit – discover how your org protects its sensitive data before a data breach occurs
      • Data Impact Assessment Reactive audit – respond to an incident for swift and accurate data breach mitigation
      • Privacy-Grade™ Compliance and privacy standards that set the bar for sensitive data protection.
    • Technology

      • CADIA Advanced ML/AI to accurately discover and classify sensitive data
      • AnyFinds™ Minimize false positives and deliver accurate matches
      • Interrogated Platforms More data sources than anyone including both unstructured and structured data
      • Marketplace Integrate with security tools and explore resources to boost data protection
      • Governance Framework Outlines key stages of readiness to safeguard sensitive data and maintain compliance.
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Solutions
    • Industry Solutions

      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases

      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance

      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPAA
      • The New York SHIELD Act
      • PCI DSS
      • Other
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Resources
    • Resources

      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise

      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management?
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities

      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Partners
  • Customers
    • Customers

    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • Company

    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Search
  • Contact
 Build your own demo
Build your own demo
  • Products
    • Governance Suite
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
    • Sensitive Data Manager
    • Learn more
      • Data Security Posture Management
      • Data Risk Assessment
      • Data Impact Assessment
      • Privacy-Grade™
    • Technology
      • CADIA
      • AnyFInds™
      • Interrogated Platforms
      • Marketplace
      • Governance Framework
  • Solutions
    • Industry Solutions
      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases
      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance
      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPPA
      • The New York SHIELD Act
      • PCI DSS
      • Other
  • Resources
    • Resources
      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise
      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities
      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
  • Partners
  • Customers
    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Contact
Build your own demo
Hero Starlight Image
  • The California Consumer Privacy Act (CCPA)

  • Section 100Consumer Request for Disclosure of Personal Information Collected by a Business
  • Section 105Deletion of Personal Information Collected by a Business; exceptions
  • Section 110Disclosure of Personal Information Collected by a Business; includes particulars
  • Section 115Disclosures in Connection With the Sale of Personal Information
  • Section 120Consumer’s Right to Opt-Out of Sale of Personal Information
  • Section 125No Discrimination Against Consumers
  • Section 130Consumer Submition of Requests for Information
  • Section 135Do Not Sell My Personal Information
  • Section 140Definitions
  • Section 150Information Security
  • Section 155Attorney General Opinions
  • Section 160Consumer Privacy Fund
  • Section 175Furthering the Constitutional Right of Privacy
  • Section 180Preemption of Local Law
  • Section 185Regulations to Further the Purposes of the Act
  • Section 190Circumvention of the Act
  • Section 192Waiver or Limitation of Consumer’s Rights
  • Section 194Liberal Construction of the Act
  • Section 196Preemption by Federal Law or the California Constitution
  • Section 198January 1, 2020 Operative Date
  • Section 199Operative Date of Section 180
Key Issues

Regulations to Further the Purposes of the Act

1798.185.

(a) On or before July 1, 2020, the Attorney General shall solicit broad public participation and adopt regulations to further the purposes of this title, including, but not limited to, the following areas:

(1) Updating as needed additional categories of personal information to those enumerated in subdivision (c) of Section 1798.130 and subdivision (o) of Section 1798.140 in order to address changes in technology, data collection practices, obstacles to implementation, and privacy concerns.

(2) Updating as needed the definition of unique identifiers to address changes in technology, data collection, obstacles to implementation, and privacy concerns, and additional categories to the definition of designated methods for submitting requests to facilitate a consumer’s ability to obtain information from a business pursuant to Section 1798.130.

(3) Establishing any exceptions necessary to comply with state or federal law, including, but not limited to, those relating to trade secrets and intellectual property rights, within one year of passage of this title and as needed thereafter.

(4) Establishing rules and procedures for the following:
(A) To facilitate and govern the submission of a request by a consumer to opt-out of the sale of personal information pursuant to Section 1798.120.

(B) To govern business compliance with a consumer’s opt-out request.

(C) For the development and use of a recognizable and uniform opt-out logo or button by all businesses to promote consumer awareness of the opportunity to opt-out of the sale of personal information.

(5) Adjusting the monetary threshold in subparagraph (A) of paragraph (1) of subdivision (c) of Section 1798.140 in January of every odd-numbered year to reflect any increase in the Consumer Price Index.

(6) Establishing rules, procedures, and any exceptions necessary to ensure that the notices and information that businesses are required to provide pursuant to this title are provided in a manner that may be easily understood by the average consumer, are accessible to consumers with disabilities, and are available in the language primarily used to interact with the consumer, including establishing rules and guidelines regarding financial incentive offerings, within one year of passage of this title and as needed thereafter.

(7) Establishing rules and procedures to further the purposes of Sections 1798.110 and 1798.115 and to facilitate a consumer’s or the consumer’s authorized agent’s ability to obtain information pursuant to Section 1798.130, with the goal of minimizing the administrative burden on consumers, taking into account available technology, security concerns, and the burden on the business, to govern a business’s determination that a request for information received from a consumer is a verifiable consumer request, including treating a request submitted through a password-protected account maintained by the consumer with the business while the consumer is logged into the account as a verifiable consumer request and providing a mechanism for a consumer who does not maintain an account with the business to request information through the business’s authentication of the consumer’s identity, within one year of passage of this title and as needed thereafter.

(b) The Attorney General may adopt additional regulations as follows:

(1) To establish rules and procedures on how to process and comply with verifiable consumer requests for specific pieces of personal information relating to a household in order to address obstacles to implementation and privacy concerns.

(2) As necessary to further the purposes of this title.

(c) The Attorney General shall not bring an enforcement action under this title until six months after the publication of the final regulations issued pursuant to this section or July 1, 2020, whichever is sooner.

(Amended by Stats. 2019, Ch. 757, Sec. 10. (AB 1355) Effective January 1, 2020.)

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

social icon
Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →

  • Products
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
  • Solutions
    • What is sensitive data discovery?
    • What is data loss prevention?
    • What is data classification?
    • Security Use Cases
  • Compliance
    • News
    • Services
  • Need Help?
    • Customer Portal
    • 646-863-8301​​​​​​​​​​​​​​​​​​​​​
    • 3030 North Rocky Point Drive West,
      Suite 470
      Tampa, FL 33607
LATEST BLOG POSTS
  • Why Data Classification is the Unsung Hero of Financial Data Security
  • Beyond the Firewall: Protecting Student Data with Intelligent Data Classification
  • From Reactive to Proactive: Achieving Data Privacy Through Automation

© 2024 Spirion, LLC. All Rights Reserved

  • Legal
  • Privacy
  • Sitemap