All Posts

January 21, 2020

Why the California Consumer Privacy Act Is a Challenge for Businesses

Written by David Corchado
Find me on:

Happy New Year, and welcome to a new era of consumer privacy. It’s going to be a challenging one for many businesses. That’s because the California Consumer Privacy Act (CCPA) took effect on January 1. And, in the words of The Verge, no one is ready for it.

What Is the CCPA?

The CCPA regulates how businesses collect, use, and disclose information about California residents. The purpose of the CCPA is to bolster the personal privacy of California’s 39 million residents by requiring businesses to follow more stringent privacy requirements. For instance, if a business buys or sells data on at least 50,000 California residents each year, the business must share with those residents it does with the data; and residents can request the business not sell it. The CCPA has a number of other stipulations, too. For instance, consumers can request companies bound by the CCPA delete their personal data.

The CCPA is considered a landmark piece of legislation because it could affect how other states treat privacy.

The CCPA Is a Work In Progress

But as The Verge points out, it’s not always clear what it means for a business to be compliant with the CCPA. “Draft regulations for enforcing the law are still being finalized at the state level, and questions about specific aspects of the most sweeping privacy regulation since the European Union’s General Data Protection Regulation (GDPR) are still not clear,” notes Kim Lyons of The Verge.

Reece Hirsch, co-head of Morgan Lewis’ privacy and cybersecurity practice, characterized the CCPA as a complex work in progress. In addition, as I pointed out in a September blog post, the CCPA is being ushered in by legislators even as technology is evolving to help businesses achieve compliance – so many are still trying to get their technology houses in order even though the CCPA is in effect now. In addition, businesses have struggled with the increasingly complicated challenge of understanding the consumer data they track.

What Businesses Should Do

But businesses still need to try to be compliant even it’s not always clear what compliance means. The CCPA is not going away – in fact, it’s just the beginning of a new era of greater privacy regulations in the United States. We can expect more legislation as states respond to a changing public sentiment toward privacy.

In California, widespread enforcement of the CCPA is unlikely to happen until July. The time is now for businesses to act. These blog posts I’ve written provide additional context for anyone who needs to get grounded on the fundamental issues:

At Investis Digital, we closely follow privacy legislation. We subject ourselves to third-party audits for data privacy and security that go far beyond what you will see from other communications firms. We actively deploy solutions to help our clients maximize engagement with their audience, while respecting a newfound demand for privacy.

Contact Investis Digital

If you have questions, For questions, please contact your Investis Digital account manager or email me at

Subscribe to Email Updates