The California Consumer Privacy Act (CCPA)

CHAPTER 6: SECURITY REQUIREMENTS

There are no prescriptive security requirements outlined in the CCPA. The only real place “security” is mentioned as a topic is in section 150. That section actually contains what is left of the original ballot proposal’s private right of action, and it details how consumers can make a claim under the CCPA. In turn, some insight can be gained into the obligations of organizations, and how they can rebut consumer claims.

At the time of writing, consumers will only be able to institute a civil action against an organization for failure to secure data. Such a claim actually has several requirements under section 150. First, the personal information must be “nonencrypted or nonredacted.”¹⁵² So, an easy way for organizations ...

Get The California Consumer Privacy Act (CCPA) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The California Consumer Privacy Act (CCPA) by Preston Bukaty

CHAPTER 6: SECURITY REQUIREMENTS

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly