Security Congress Abstract
The California Consumer Privacy Act of 2018 (CCPA) likely represents the most stringent privacy statute to be enacted at the U.S. state level and applies to all businesses in the U.S. and potentially to those around the world. The CCPA’s long list of requirements includes a mandate to “implement and maintain reasonable security procedures and practices,” an aspect that is similar to that of the GDPR and many other data protection regulations. This presentation addresses the cybersecurity requirements of the CCPA: how personal information is defined, stated exemptions, and the potential for penalties and enforcement mechanisms by regulatory bodies and consumers. It also offers the latest information from the California Attorney General and updates of possible amendments to the statute.