BDO Knows California Consumer Privacy Act

May 2019


In the ever-evolving privacy landscape, the E.U.’s General Data Protection Regulation and many other country laws were only the beginning. The new California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, builds upon existing privacy law principles that prohibit unlawful, opaque, and limitless capture and processing of personal data. Consumers’ rights will be extended to allow requests to businesses to disclose the categories and specific pieces of personal information that the business collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.

If you are wondering if the CCPA applies to your organization, you are not alone. If your business operates in California and collects personal information (‘PI’) of California residents, their households, or electronic devices, the CCPA will likely apply to you if your organization meets one of the following criteria:*
*The above criteria for the CCPA may exempt small businesses, not-for-profits, and businesses already subject to existing federal laws with consumer privacy protections, such as health care (HIPAA) or financial institutions (GLBA).

BDO’s California Consumer Privacy Act resource page enables privacy executives to stay abreast of the impending regulation, and learn about overarching privacy and governance considerations in one convenient location.

Featured Insights


Building a Digital Transformation Strategy

The human spine is a remarkable feat of evolutionary engineering: 33 individual bones cushioned with fibrocartilage discs, bound together by interlocking joints and ligaments and connected to muscle by tendons.

Data Ethics Part II:  Handling Personal Data Responsibly

Ensuring Proper Protections are in Place when Sharing or Selling Personal Information

Using Automation to Comply with CCPA

In this era of innovation and digital transformation, organizations build strategies that rely heavily on large amounts of structured and unstructured data, including personal information, allowing them to derive conclusions about consumers, create targeted marketing campaigns or provide personalized experiences.

Six Month Countdown to CCPA: The 10 Information Governance Steps Needed for Compliance

In our quick 10 step guide, we provide an overview of the necessary Information Governance steps needed to help prepare for the CCPA, and also to consider more broadly as you’re building your privacy program.

GDPR One Year Later: A Data Privacy Retrospective

Please see our latest insight to review what actions companies are taking to improve their data governance and privacy compliance programs, as well as what they are doing to prepare for the influx of new privacy regulations, including California Consumer Privacy Act.

Data Ethics Part 1: California and Beyond

Companies around the world are finding it more difficult than ever to use consumer and personal data to solely grow their business. It’s now a matter of using that data in an ethical manner, which is better known as data ethics – the most recent and emerging branch of applied ethics.

Welcome to the Hotel California: The CCPA Is Here

If you are wondering if the CCPA applies to your organization, you are not alone. If your business operates in California and collects personal information (‘PI’) of California residents, their households, or electronic devices, the CCPA could apply to you.

Following Privacy's Yellow Brick Road: From GDPR to CCPA

Our quick reference timeline summarizes what you’ll need to tackle (and when), as well as some of the unique requirements of the CCPA.

[Archived Webinar] California Consumer Privacy Act: 6 Month Countdown for Retailers

With the impending deadline to comply with the California Consumer Privacy Act, Retail & Consumer Products companies are revisiting practices that impact their privacy compliance programs. 

Sangeet Rajan
Managing Director, Governance, Risk & Compliance
  Karen Schuler
Principal, National Governance, Risk & Compliance Co-Leader

Mark Antalik
Managing Director, Information Governance leader
  Jim Koziol
Managing Director, Records & Information Management Leader

James Amsler
Director, Channel Partnerships