April 16, 2020

Update on the California Consumer Protection Act

The California Consumer Protection Act (CCPA) went into effect on January 1, 2020. While no companies have failed to comply (yet), it’s probably only a matter of time. This blog takes a closer look at the CCPA’s requirements, it’s penalties, and ways to make sure you’re always in compliance.


Unfortunately, the threat of data breaches in the United States continues to rise, along with the potential impact a breach could have on the life of the average consumer. In a past blog, we described how the state of California led most states in enacting legislation to protect consumers from identity theft, and specifically, how it introduced the California Data Breach Notification Law in 2002.

in addition to the European Union’s GDPR, this law serves as a model that many states have since followed, and it has been modified over the years with new amendments occurring as recently as January 2017.

Recently California’s legislature passed new data privacy legislation to create the strongest privacy controls of any state in the U.S. This new law, the California Consumer Privacy Act (CCPA), went into effect on January 1, 2020 and attempts to bring more transparency to the murky trade in personal data.

The CCPA provides consumers in California with key data privacy protections, such as the right to access, delete, and stop the sale of their information, and greater transparency about how their data are used. These safeguards are particularly important because the federal government has failed to pass a data privacy bill for the entire country. 

This new law is evidence that California takes consumer security and data protection very seriously. The state essentially decided its existing laws weren’t strict enough, so it took the extra step of extending it to become even more stringent and far-reaching. 

This CCPA gives consumers the right to request access to all of the data businesses are collecting on them, as well as the control to make sure businesses don’t sell their information. Companies that fall victim to data theft or other data security breaches may be forced to pay statutory damages between $100 and $750 per California resident and incident, or the actual damages (whichever is greater). 

The passing of the California data breach notification law is unprecedented when you consider that it requires compliance in the same way GDPR does. Specifically, companies must adopt stricter data privacy policies for all customers and prospects—whether they reside in California or not.

This California breach notification law could also be the first “domino” to fall as other states look to pass similar legislation to roll out additional data privacy regulations. This new law will only make security compliance more challenging.


How ARIA Cybersecurity Solutions can help with the California Data Breach Notification Law

At ARIA Cybersecurity Solutions, we understand the challenges related to complying with data privacy laws such as the California Consumer Protection Act. 

This is why we purposely-built our cybersecurity solutions to detect and automatically stop the cyberattacks that do the most harm to your organization—such as ransomware and malware. These intrusions are so damaging because once they gain access to the network, they spread laterally, unseen, causing harm and exfiltrating data.  

Unlike other cybersecurity providers, we start with complete network traffic visibility—shining light into every corner of the enterprise no matter whether on-premises, at a datacenter, or in the cloud. It is through this heightened visibility that our ARIA SDS solutions can assist our customers with threat detection and response in two critical ways:

  • Improve performance of their existing security stack. The ARIA PI application seamlessly integrates with industry-leading security tools such as SIEMs, IDS/IPS, or SOARs, providing valuable NetFlow metadata for every packet on the network.  
  • Provide a fully automated approach to complete cyberthreat detection and containment.  The ARIA ADR application is a single platform “SOC-in-a-box.” ARIA ADR’s machine learning-powered threat models, guided by AI, can find and stop threats in just minutes—no humans required.  


These solutions build on our commitment and past track record of securing critical data and providing tools that let you know when and which data records might have been breached with complete audit trail and forensic records. This way, if a breach occurs, you have a better approach to compliance. 

For example, our solutions can help you meet the following  data privacy compliance requirements:

  • Protected data breach reporting within 72 hours to meet most notification requirements
  • Verifying critical PII data was properly protected by encryption or other advanced security means, rendering it unusable if accessed
  • Detailed reporting that can be used in any legal or auditing proceedings


Interested in learning more, and what makes ARIA Cybersecurity Solutions  different? Read our “5 Critical Advantages of ARIA ADR” brochure now. 


About ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate data breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.

Tags: data breach, gdpr, cybersecurity, data protection