Chris Lyon spoke to TechRepublic about the July 1, 2020 deadline for enforcement of the California Consumer Protection Act (CCPA).
According to Chris, the data protected by the CCPA includes much more than just email address and name. “That makes it challenging for companies because they have a CRM database with PII in it but they may well have other data sets about preferences or buying history and they have to pull all of the relevant information,” she said. “It’s often in different databases and no one anticipated having to pull a copy when these systems were built.”
Chris also talked about the ambiguity about the exact definition of “doing business in California,” which determines whether a company is subject to the law. “Just selling products might not be enough to qualify,” she said, adding that “it might be more about having a presence there or targeting customers in California.”
Read the full article.