Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security

California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

This document focuses on:

The CCPA/CPRA represents the most comprehensive data privacy framework in the United States, granting California residents extensive rights over their personal information, including the right to know, delete, correct, and opt-out of the sale or sharing of data. While fundamentally a privacy law, it has profound cybersecurity implications through its mandate for companies to implement “Reasonable Security Procedures and Practices” to protect personal and sensitive data. Key cybersecurity topics relevant to this act include Data Classification (specifically the “Sensitive Personal Information” category), Access Control, and Third-Party Risk Management, as businesses must ensure vendors also adhere to strict security standards. Notably, the CPRA introduced a requirement for annual Cybersecurity Audits and regular Risk Assessments for businesses whose data processing poses a “significant risk” to consumer privacy, effectively making robust security hygiene a legal prerequisite for doing business in California.


Publication's URL

https://oag.ca.gov/privacy/ccpa

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *