On January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect, impacting every business operating in California. While the CCPA incorporates many of the core elements included in the European General Data Protection Regulation (GDPR), the new California law is not modeled after GDPR. This means that companies compliant with the GDPR standards are not necessarily compliant with the new CCPA requirements, and could be subject to lawsuits – including class action lawsuits in which consumers will be able to sue companies for up to $750 per individual incident.
This panel will hold an in-depth discussion on the scope of the CCPA, compare and contrast it with GDPR, deliberate on what has been clearly defined and what is still a potential grey area in the law, and most importantly, provide insight into how CISOs, auditors, and legal firms are preparing for the new standard being set forth in California.
This session will include discussions on items such as:
- What organizations will be required to comply with the new laws?
- Who is defined as a consumer and what degree of legal rights are they guaranteed?
- How is personal information defined and how does it differ from GDPR?
- How does CCPA define “reasonable security measure” and what is required from companies in the event of a data breach?
- What areas should auditors scope in when testing the controls of an organization that is in compliance with the new law?
- Major areas of concern that CISOs, legal, and audit teams need to take into account when complying with the new laws.