CCPA Primer

The California Consumer Privacy Act (CCPA) received a lot of attention when it was passed in 2018 and more notice when it went into effect in 2020. As the name implies, the law applies to California residents, and the California legislature passed it. The regulation took inspiration from GDPR in Europe and, as such, a lot of the data rights created by CCPA mirror the data rights created by GDPR.

The overarching motivation behind CCPA was 1) to create and grant a class of rights that consumers have over their data and their online privacy and 2) to codify responsibilities for companies regarding the collection and use of personal information.

“Consumers” are equivalent to users for technology companies. The CCPA created new, exercisable, and enforceable rights for your users. The flip side is that there is a whole slew of new responsibilities that fall on companies when it comes to communicating data practices, protecting data, and enabling users to exercise their data rights.

The CCPA is the strictest state general privacy law in the US. While there is still no national privacy regulation equivalent, many companies, especially technology companies that operate across state lines, have embraced CCPA as a new standard to follow across all states. There are much interest and debate around personal privacy and data at both federal and state levels; but, anything that is likely to pass will have similar consumer rights and company obligations to what is in the CCPA.

This CCPA training establishes a baseline understanding of CCPA and helps companies ensure they meet the employee training requirements of CCPA. This course will not make you an expert on CCPA, but it will help you come up to speed with the regulation and the things you and your company need to do to comply with it.

Below is an outline of the course. Remember, you have lifetime access to the content.

Course Overview

• What companies need to comply with CCPA? Knowing if you have to comply with CCPA is the first step. There are three critical factors in determining if your company needs to comply with CCPA.
• Data covered under CCPA. One of the most important things to understand about CCPA is the data to which it is concerned, and any exceptions that may exist.
• Data Subject rights under CCPA? End-user rights on their personal data, or data subject rights, are clearly defined and can be exercised by individuals.
• Your responsibilities under CCPA? As a company under CCPA, you have specific requirements to protect data, report breaches, and handle data subject requests.
• Penalties under CCPA. Your company needs to comply with CCPA. What is your financial risk?
• Recap of CCPA. CCPA and GDPR are similar regulations and often lumped together when people talk about data subject rights and privacy. Understanding the overlap and differences helps to understand both regulations.

‍