California Consumer Privacy Act (CCPA)


The California Consumer Privacy Act (CCPA) will go into effect at the beginning of 2020

It is said to be the most comprehensive U.S. privacy initiatives to date and it is expected to inspire similar legislative changes beyond California’s borders.




California passed its California Consumer Privacy Act (CCPA) on June 28, 2018. It's a law that protects the privacy rights of consumers within the state. Similar to Europe's General Data Protection Regulation (GDPR), the CCPA will affect many businesses that collect personal information from those in California.

According to the CCPA website, the act protects the following consumer rights:


  • The right to know all data collected on them, including what categories of data and why it is being acquired, before it is collected, and any changes to its collection.
  • Right to refuse the sale of their information.
  • The right to request the deletion of their data.
  • Mandated right to opt-in before the sale of information of children under 16.
  • The right to know the categories of third parties with whom their data is shared, as well as those from whom their data was acquired.
  • Enforcement by the Attorney General of the State of California.
  • Private right of action should breach occur, ensure companies keep their information safe.
It can be broken down into 3 segments:


Ownership: Businesses will be required to inform consumers in California of their privacy rights prior to collecting their personal information, update privacy policies to disclose detail around the collection and intended use of any personal information they collect.

Security: Businesses will be accountable for security breaches if the company is found not to have implemented and maintained “reasonable security procedures and practices”.

Control: Businesses will need to provide consumers with a simple way to opt-out of the sale or sharing of their personal information on the case to case basis. It is also illegal for a business to discriminate against an individual if they refuse to share personal information. 

Complying with CCPA.


FI’s need to deal with CCPA in an established manner. Data inventory/mapping and establishing the applicability of the same. 

The most cost-effective way to deal with it is definitely technology. Track client requests, utilize AI, ML, and IoT. 

As other states look into implementing a similar act, it gives FI’s an opportunity to look into it from a broader perspective.
Always look at the opportunities brought in by a change!