June 2019
Intermediate to advanced
172 pages
3h
English
There are no prescriptive security requirements outlined in the CCPA. The only real place “security” is mentioned as a topic is in section 150. That section actually contains what is left of the original ballot proposal’s private right of action, and it details how consumers can make a claim under the CCPA. In turn, some insight can be gained into the obligations of organizations, and how they can rebut consumer claims.
At the time of writing, consumers will only be able to institute a civil action against an organization for failure to secure data. Such a claim actually has several requirements under section 150. First, the personal information must be “nonencrypted or nonredacted.”152 So, an easy way for organizations ...