How to Prepare for California’s Consumer Privacy Act

On January 1, 2020, the California Consumer Privacy Act (the “CCPA”) will take effect. The CCPA, enacted in 2018, is a significant update for many companies due to the fact that it is arguably one of the most comprehensive data privacy laws to be enacted in the United States to date.

Who Does the Law Affect?

The law gives Californians new rights and businesses new responsibilities. It does not apply to journalistic coverage and nonprofit organizations. Businesses must comply if their revenues exceed $25 million a year, if they get at least half their annual revenue from selling consumers’ personal information, or if they buy or sell personal data of at least 50,000 households a year. That means as many as 500,000 companies are likely to have to follow the law.

As such, it would be prudent for companies that conduct business in the state of California – as well as companies that conduct or may conduct business in California or in other U.S. states – to pay close attention to the enforcement of the CCPA and monitor the possibility of the enactment of a federal privacy law.

What are the Major Provisions?

1.) Requires businesses give consumers all the information they collect about them, free of charge, if they request it from them. You can request it up to twice a year.
2.) Requires businesses delete information they have collected from someone, if they ask them to. There are circumstances where businesses can deny the request, if the information is necessary to complete a transaction or protect against fraud.
3.) Requires businesses that sell PII to create a simple way to opt out of having your data sold, through a “recognizable and uniform” button or logo on the company’s website.
4.) Allows people to sue companies that allow PII to be accessed or stolen through a data breach.

How Should my Firm Prepare?

For starters, if this requirement affects your firm, it’s important to seek legal advice and likely update your website and employee privacy policies. You may also want to provide directions on how people can request the data your company has about them and how they can request to access it. If you’re looking for an example of how other companies are preparing for the effective date, I recommend viewing Slack’s updated Privacy Policy.  

To help firms’ comply, Quest CE has authored a new e-learning course, called “California Customer Privacy Act (CCPA).” This course is designed to provide a high-level understanding of the California Consumer Privacy Act (CCPA) and its implications for impacted consumers and businesses. By the end of the course, learners should have a broad understanding of the key elements of the law, the new consumer rights it grants, the requirements for businesses, and the potential enforcement and civil liabilities businesses face for non-compliance.

For more information on Quest CE’s course, or other training options, please contact us directly at or (877)593-3366.