The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics

Digital Guardian's Blog

Draft Regulations for CCPA Released

by Chris Brook on Monday October 14, 2019

Contact Us
Free Demo

The California Attorney General's Office finally released draft regulations around the CCPA last week, outlining the requirements of businesses and consumers

The California Attorney General's Office released draft implementing rules for California's stringent new data privacy law, the California Consumer Privacy Act (CCPA) last week, roughly 11 weeks before the legislation is slated to go into effect.

The CCPA, signed into law back one June 28, 2018, is a sweeping new data privacy law designed to give users the ability to see what information is collected about them and stop that data from being sold among other stipulations.

While the law goes into effect Jan. 1, the rules implementing and enforcing the law don't go into effect until July 1.

“Knowledge is power, and in the internet age knowledge is derived from data. Our personal data is what powers today’s data-driven economy and the wealth it generates. It’s time we had control over the use of our personal data. That includes keeping it private,” the state’s AG, Xavier Becerra, said Thursday.

The goal of the regulations, viewable here (.PDF) is to ensure consumers and businesses alike have a better idea about the legislation before it goes into effect. Included in the regulations are a list of general provisions, notices to consumers, information about their right to opt out of the sale of their personal data, and notices to businesses, like how they can verify requests.

With the release of the 24-page document, Becerra reiterated the four major bullet points of the CCPA:

  • Businesses must disclose data collection and sharing practices to consumers;
  • Consumers have a right to request that their data be deleted;
  • Consumers have a right to opt out of the sale or sharing of their personal information; and
  • Businesses are prohibited from selling personal information of consumers under the age of 16 without explicit consent.

In addition to released the proposed regulations, the AG's Office also announced that there will be four public hearing dates, in Sacramento, Los Angeles, San Francisco, and Fresno, to seek comment on the CCPA. The comment period will end on December 6.

Complying with the regulations, which came as a result of seven public forums held throughout the state and a comment period of their own, could cost between $467 million to $16,454 million in costs, between 2020-2030, according to Becerra's office.

Tags: undefined

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.