Spirion Whitepaper: CCPA Compliance

The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. Its primary function
is to enhance privacy rights and consumer protections for California residents. The CCPA regulates what businesses can and cannot do with personal information they collect. Its considered a landmark legislation on data protection because of its strict guidelines.

In part, the bill grants a consumer the right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer. The bill is also designed to require a business to make disclosures about the information and the purposes for which it’s used. Further, citizens have the right to request their data be deleted.

Intentional non-compliance of CCPA regulations results in a maximum fine of $7,500 USD per violation. The legislation also establishes the right of consumers to take private action against erring covered businesses. This means that any California resident whose personal information was accessed illegally, stolen, or disclosed as a result of substandard security measures can file a civil suit.

Statutory damages for such civil cases have a minimum of $100, and a ceiling of $750 per consumer per incident, plus any other declaratory, injunctive, and other relief the court deems proper. At first glance, the numbers may seem small, but consider that most breaches involve hundreds of thousands of records. If the cost of each record involved in a breach equals $750, organizations could be looking at expensive lawsuits.

This white paper provides insight on the new CCPA and how the Spirion data discovery, classification, and protection platform delivers critical functionality that helps organizations meet full compliance.

To read the full whitepaper, please fill in the form below

  • This whitepaper is offered free of charge by Data Protection World Forum Ltd (DPWF) in association with Spirion. When subscribing, you are asked to furnish certain limited information for registration and analytics purposes. Spirion may contact you in connection with the whitepaper. You are also given the option of consenting to receive marketing communications from DPWF and/or Spirion. You have the right at any time to withdraw your consent to the use of your personal data for such purposes and to have your data deleted. DPWF and Spirion are joint controllers of your data for the purposes of the Data Protection Act 2018 and we refer you to their respective privacy policies below.

    View GDPR:Report's Privacy Notice here

    View Spirion Privacy Notice here


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.