5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: December 11, 2023
Published: November 1, 2019
Although the California Consumer Privacy Act (CCPA) was signed in June of last year, its enforcement date is swiftly approaching. The California Attorney General announced that they would begin enforcing the law on July 1, 2020. The law granted new data rights regarding the use and collection of personally identifiable information (PII) to any individual that resides in the state. What this means for businesses that operate within California (and to an extent, a majority of U.S.-based businesses) is no small matter. Under the law, companies aren’t required to be based in the state or even have a presence in the U.S.; if you serve California residents, then the rules most likely apply to you, and the law applies to California residents, even if they may be in another state at the time they visit a website, so CCPA has effectively become a national law for the United States of America.
California boasts the largest gross state product — $3.018 trillion in 2018 — and could be considered the fifth largest economy in the world if taken as a stand-alone figure. Propelled by tech sector behemoths like Apple, Oracle, Synnex, Intel, Salesforce, Facebook and many more, the CCPA’s ramifications for employees, customers and operations signals big changes on the horizon regarding privacy and data practices.
In the spring of 2018, the European Union (EU) introduced the General Data Protection Regulation (GDPR), the strictest privacy legislation to date in the digital age. The GDPR gives EU citizens control of their personal data through codified and unified data laws, forging an environment of trust via regulation for businesses and citizens alike. With obligations around personal data, privacy, consent, access, and breach notification, many components of the GDPR lay the groundwork for the legislative measures of CCPA.
In its initial presentation, the CCPA states that it intends to “give Californians the ‘who, what, where, and when” of how businesses handle consumers’ personal information.” Three major objectives of the bill include:
While there are qualifying criteria for companies that must comply with the CCPA (annual gross revenue of $25 million and up, 50,000+ personal information/accounts or 50% or more annual revenue generated by California residents’ PII), the CCPA heralds changes coming down the pipeline for all.
The CCPA has been grabbing headlines as its enforceable day draws near but more than a dozen other states are quietly working toward their own data protection regulations. Though California’s measures are regarded as the most comprehensive, the tides are shifting. Nevada’s Senate Bill 220, Maine’s Act to Protect the Privacy of Online Consumer Information, and Pennsylvania’s House Bill 1049 are examples of three states fast-tracking protections for consumer data. Oregon, New York, New Jersey, Massachusetts, Maryland, Texas, and Washington are similarly undergoing processes to update information protections pertaining to data privacy, security, cybersecurity and breach notification laws.
The point being, there is significant momentum around changing privacy and data management practices. The CCPA is the front-runner for now and while each state’s actions are different, how long will it be before the U.S. implements sweeping regulations? Now is not the time for your business to sit back and wait. Inaction at this precarious juncture runs a costly risk.
Money is a simple answer to why you need to be compliant. Fines for infractions under CCPA will range from $2,500 to a cap of $7,500 per violation. While this amount has the capacity to accumulate quickly, the bigger fear revolves around the legislative language surrounding the rights of consumers to bring lawsuits against a business for a breach or exposure of private data.
To avoid either scenario, shoring up vulnerabilities in your organization is imperative. Personal data must be accounted for; access requests require a response strategy for search, access, and security. The window for figuring out how to adhere to compliance is narrowing as the deadline approaches.
Time is of the essence to secure the reputation of your organization and the future of your business.
Rememer, CCPA is just one of many data privacy laws. Good privacy programs abide by and even exceed the requirements of many laws.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.