CTO On CCPA Enforcement

CCPA was signed into law back in 2018 and made effective at the start of 2020, so businesses have had ample time to prepare. However, many firms will be severely tested over the coming weeks and months as they find out if their preparations will pass muster – particularly the ones that have not previously had to comply with GDPR. Up to this moment, everything has essentially been a practice run – mistakes in handling data or failure to respond to requests didn\’t have the same consequences as it does now. From now on, all firms doing business in the state will be at risk of financial and reputational damage if they do not comply.

It’s worth remembering that California traditionally likes to lead the way on regulatory matters. The state’s approach to environmental laws is a good example. Regulators are almost certainly going to come down strongly on high-profile breaches or compliance failures to show they mean business. We can also expect to see an uptick in the number of consumer complaints when they are unhappy with how a company has handled their data. We will also see more social media shaming for large companies that have failed in their new CCPA duties.

To meet the act’s requirements all Californian businesses will need to be ready to handle personal data requests from residents and be more vigilant than ever to avoid data breaches. The ability to locate and redact personal information quickly and efficiently is going to be one of the most important assets for meeting the CCPA and protecting themselves against data breaches. Businesses under the jurisdiction of the act that lack the ability to automate these crucial processes are at risk of being overloaded and held to account in the coming months.