CHAPTER 6: SECURITY REQUIREMENTS
“Data security” is mentioned as a topic in the CPRA first in section 100(E):
A business that collects a consumer’s personal information shall implement reasonably security procedures and practices appropriate to the nature of the personal information to protect (it) from unauthorized or illegal access, destruction, use, modification, or disclosure.
Note that this references another section of the California Civil Code, which will be discussed later: Section 1798.81.5.
Security is also found in section 150. That section actually contains what is left of the original ballot proposal’s private right of action, and it details how consumers can make a claim under the CPRA. In turn, some insight can be gained into ...