Main Menu
Main Menu

Does the new CCPA law apply to your business?

What is the California Consumer Privacy Act?



Many California businesses will need to address new compliance and privacy requirements this year due to the California Consumer Privacy Act (CCPA), which went into effect on January 1st, 2020. CCPA established new data privacy rights relating to how businesses handle consumers’ data. Companies that fall under CCPA have a six-month grace period before enforcement actions from the California attorney general begin in July.

Once enforcement begins, penalties being out of compliance are up to $7,500 per intentional violation and up to $2,500 per unintentional violation. Consumers also have the right to pursue individual actions against companies that mishandle their data.

Does CCPA apply to you?

CCPA regulates any company that does business in California (or has customers who live in California) and falls into at least one of the following categories:

  • Earns annual gross revenues over $25 million
  • Receives, buys, sells or shares the personal information of at least 50,000 California consumers
  • Derives at least half of annual revenue from selling the information of California residents

For more details on the CCPA standards, see Microsoft’s FAQ.

How to Prepare for CCPA Enforcement

If CCPA applies to you and your business, you’ll want to start taking steps to ensure you’re compliant now. Here are a few things to keep in mind:

1. Understand the scope of your obligations

First you need to understand what kind of consumer data you are collecting and storing. CCPA defines “personal information” as anything that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes things like:

  • Personal identifiers (names, addresses, emails, social security numbers, driver’s license numbers, etc.)
  • Geolocation
  • Biometric information
  • Employment information
  • Educational information
  • Internet or network activity

If you don’t already have a good understanding of what data you’re collecting and how you’re storing it, you’ll want to get a compliance assessment. If you have a Microsoft 365 subscription, you already have access to the Microsoft 365 Compliance Center and the new Compliance Score. These tools will help you assess your current compliance posture and point out areas that require improvement.

2. Develop processes for responding to Data Subject Requests (DSRs)

CCPA gives consumers the right to control how companies use their information, including the right to access, delete, or transfer data. Consumers exercise these rights by submitting Data Subject Requests (DSRs) to companies, and businesses subject to CCPA will be obligated to review and respond to each DSR in a timely manner. The Microsoft 365 Compliance Center can help you streamline the DSR response process and is another reason why we recommend Microsoft.

3. Find and secure sensitive data

Most businesses are not taking steps to secure corporate data, and data breaches are becoming more common every day. Because CCPA imposes penalties for data breaches of consumer information, it’s important to have the right systems in place for securing sensitive data. Tools like Message Encryption, which enables users to encrypt messages going in and out of your organization, and Microsoft Information Protection, which blocks sensitive data from leaving the organization, are a critical part of your compliance stack.

4. Train your employees

CCPA requires all employees who are responsible for the company’s compliance or might find themselves handling requests related to data privacy (opting out, deleting or accessing information, etc) to undergo specific training about how CCPA works and what it requires. This training requirement most likely covers all customer service representatives along with the company’s legal/compliance team. You will want to make sure all employees who are required to undergo CCPA training complete it before enforcement actions begin later this year.

TechMD Can Help

If you have any questions about how CCPA might affect your business, please feel free to reach out to us!

Share:

Subscribe to TechMD Insights

More Posts

Windows 10 End of Support

Windows 10 End-of-Life: What It Means for Your Business and How to Prepare

Microsoft has officially announced that support for Windows 10 will end on October 14, 2025. While this may seem like a distant deadline, the implications for your business can be significant. Taking proactive steps now can help you avoid security vulnerabilities, compliance issues, and operational disruptions down the line. 

CRN Tech Elite 250 List

TechMD Recognized on CRN’s 2025 Tech Elite 250 List

We’re proud to announce that TechMD has been recognized on the 2025 CRN Tech Elite 250, a prestigious list honoring North America’s top technology solution providers. This recognition highlights our dedication to navigating the complexities of IT while delivering best-in-class integration, cybersecurity, and customer service nationwide.

TechMD has been named to Cloudtango’s MSP Select list for 2025

TechMD Recognized on Cloudtango’s MSP Select 2025

We are proud to announce our inclusion in CRN’s 2025 Managed Service Provider (MSP) 500 list in the Elite 150 category. This marks the tenth time TechMD has been recognized on CRN’s MSP 500 list and the first time we earned a spot in the prestigious Elite 150 category.

CRN Elite 150

TechMD Recognized as a CRN Elite 150 MSP

We are proud to announce our inclusion in CRN’s 2025 Managed Service Provider (MSP) 500 list in the Elite 150 category. This marks the tenth time TechMD has been recognized on CRN’s MSP 500 list and the first time we earned a spot in the prestigious Elite 150 category.

Why TechMD
IT Services
Security
Contact Us
Proudly serving clients nationwide, including:

Orange County | Los Angeles | Endicott | Syracuse | Ithaca | Boston | Auburn | Ocean City

Skip to content