The California Consumer Privacy Act’s Hidden Surprise Has Big Legal Consequences

Source
Advertisement


In 2018, when businesses were preparing for the European Union’s General Data Privacy Regulation (GDPR), California quietly and quickly passed its own legislation: the California Consumer Privacy Act (CCPA). This regulation, with its emphasis on consumer privacy rights, has an interesting history of grassroots consumer advocacy coupled with swift legislative action provoked by the fear of a ballot initiative. But what security professionals may have missed is that the CCPA contains a surprise in the form of a provision devoted to “reasonable” cybersecurity procedures and policies.

Advertisement