With the California Consumer Privacy Act (CCPA) in effect, we wanted to reflect on the CCPA’s journey. In this blog post, we’ll go over the CCPA’s history, what the CCPA means for your business, and how you can tackle CCPA compliance.

What is the CCPA?

The CCPA aims to protect the privacy and data of California consumers. It requires businesses to provide Californians as much information as possible about the ways in which their personal information is handled and used. This act requires businesses to explain to consumers what data they are collecting and gives consumers the right to say ‘no’ to the sale of their personal information and to request businesses to delete their personal information.

The Start of the CCPA

From 2016 to 2018, Alastair Mactaggart created and led a ballot initiative for a privacy law that spurred the passage of the CCPA (i.e., Assembly Bill (AB) 375). AB 375 was initially introduced by Ed Chau, a member of the California State Assembly, as well as State Senator Robert Hertzberg.

On June 28, 2018, the Governor of California, Jerry Brown, signed AB 375 into effect, establishing the most extensive consumer privacy legislation ever passed in the United States.

The CCPA Timeline

June 28, 2018 – AB 375 signed into law and Mactaggart’s ballot initiative withdrawn 

September 23, 2018 – Senate Bill No. 1121 signed into law, modifying the CCPA

January 1, 2019 – Data mapping and recordkeeping requirements start

October 10, 2019 – The California Attorney General, Xavier Becerra, released the proposed text for the CCPA Regulations.

October 11, 2019 California Governer Signs CCPA Amendments into Law

January 1, 2020 – CCPA goes into effect

Spring 2020 – Attorney General regulations expected to be finalized 

July 1, 2020 – Enforcement begins

What the CCPA Means for You

With California’s new privacy law in effect, every company, organization, and person who handles personal information regarding California consumers and employees are now impacted.

Given the importance of complying with the CCPA, entities must understand that the CCPA applies to a “business” which:

  • Handles personal information about California residents,
  • Determines the purposes and means of processing that personal information,
  • Does business in California, and meets one or more of the following thresholds:
    • Has annual gross revenues in excess of US$25 million,
    • Annually handles personal information regarding at least 50,000 consumers, households, or devices, or
    • Derives 50% or more of its annual revenue from selling consumers’ personal information.

In addition to businesses, the CCPA impacts service providers that process personal information on a business’s behalf. The new privacy law also impacts third parties that receive or purchase personal information from a business. If you run a nonprofit organization, your organization falls outside of the CCPA’s scope.

California Residents and the CCPA

The CCPA grants California residents, who are consumers, specific rights regarding their personal information businesses maintain. If you’re a California consumer, you have the right to request that a business inform you about its processing activities with respect to your personal information, to delete your personal information, and to opt-out of the sale of your personal information.

All the hoops that businesses need to go through for CCPA compliance are to protect the privacy of California consumers.

In Conclusion

As companies prepare for the CCPA, they must keep in mind that a privacy program needs to adapt and change according to applicable privacy law, as well as each company’s objectives. Regardless of where you are in your privacy program, it’s never too late to start preparing for CCPA compliance. To request a live OneTrust for CCPA software demo, visit www.OneTrust.com/ccpa-compliance or email [email protected].


Check out our CCPA blog series: