On January 1, 2020, California — the fifth-largest economy in the world, — will transform the way companies can gather data on anyone who is a resident of the state. The California Consumer Privacy Act (CCPA) is easily the most important legislation of its type since Europe’s General Data Protection Regulation (GDPR) went into effect in 2018.

Although some details about CCPA still need to be hammered out, the legislation will go into effect in just a few months. Enforcement is scheduled a few months later.

This new legislation is a lot to keep track of. Use this comprehensive megalist of CCPA resources to understand the differences of the CCPA and GDPR as well as to study up on the law’s many details, including what companies are affected and when the law’s provisions and enforcement go into effect.

The CCPA infographics, articles, podcasts and white papers will all help you and your staff to get up to speed.

First, here’s a timeline showing the main CCPA dates to keep in mind.

CCPA Timeline

October 12, 2017 – Alastair Mactaggart and his group, Californians for Consumer Privacy, submit a privacy ballot initiative. The ballot is later withdrawn after the state legislature promises to pass a bill substantially the same as his initiative.

June 28, 2018 – The California Consumer Privacy Act, AB 375, is signed into law just a week after being introduced.

August 31, 2018 – An amendment bill is approved.

~ September 15, 2019 – Draft rules for the CCPA to be published around this date. A 45-day comment period then begins.

~ November 1, 2019 – Final regulations are likely to be published on or around this date.

January 1, 2020 – Businesses are required to comply with the CCPA. However, enforcement will not begin until six months after the final regulations are published or July 1, whichever comes first.

July 1, 2020 – Latest possible date for enforcement to begin

July 2, 2020 – Latest possible date for California’s attorney general to publish CCPA regulations


Background on the California Consumer Privacy Act (AB 375)

The Office of California’s Attorney General
Current rule-making activity, timelines, announcements and other information

Californians for Consumer Privacy: Facts
The organization whose ballot initiative led to the CCPA

The Unlikely Activists Who Took on Silicon Valley — and Won
An August 2018 New York Times article about how Californians for Consumer Privacy got off the ground

Making Privacy Law [podcast]
Firefox’s IRL podcast series covers GDPR and CCPA. It also includes a discussion with Alastair MacTaggart, the real estate developer behind Californians for Consumer Privacy


CCPA 101

What is CCPA?
From AdMonsters

CCPA: What You Need to Know [infographic]
An infographic to print out and post, simplifying the key points including checklist, potential fines, and consumer rights covered. From Endpoint Protector, a data loss prevention product

CCPA and the Bottom Line [infographic]
From the National Law Review: “Implications for companies doing business in California”

The California Consumer Privacy Act [infographic]
From the law firm Manatt, Phelps & Phillips

Compliance at a Glance for Website and Mobile App Operators [infographic]
From the Media Trust. Includes top things to do now to prepare, and a list of what businesses must do to comply

CCPA Is Coming: Time to Wake Up and Smell the Legislation
A broad introduction from Jeff Nicholson, the vice president of CRM Product Marketing for Pegasystems. Answers “Who Should Be Worried about CCPA?” and discusses the challenges baked into the consumer question “Where’s my data?”

California Consumer Privacy Act
From the Buchalter law firm: a summary of what to do to get ready, along with a comparison between CCPA and GDPR

California is Bringing E.U.-Style Privacy Laws to the U.S. Here’s What You Need to Know
Some prudent risk-free steps for preparing that include thinking about how you handle customer data in general

California Consumer Privacy Act: What you Need to Know
From TrustArc, the technology compliance and security company; accompanies an on-demand webinar

Preparing for the California Consumer Privacy Act (CCPA)
From Symantec — accompanies an on-demand webcast: recorded webinar

Explain Like I’m Five: GDPR Updates & CCPA [webinar]
From BetterCloud, which sells SaaS management software: A data privacy expert covers compliance and how to get started


CCPA vs. GDPR: How Do They Compare?

Key Differences Between GDPR and CCPA [infographic]
From 250ok, an email analytics and deliverability platform

Preparing for the CCPA: Leverage GDPR Investments to Accelerate Readiness
From Security Intelligence/IBM: how to use principles familiar from GDPR to avoid reinventing the wheel when it comes to CCPA and any other upcoming privacy legislation

Your readiness roadmap for the California Consumer Privacy Act (CCPA)
From PricewaterhouseCoopers: includes a detailed comparison of requirements

Case Study – Life with GDPR Compliance for US Businesses
From CodeCrew, a website and email provider: includes info on what to expect during the CCPA rollout based on the early days of GDPR

Comparing privacy laws: GDPR v. CCPA [PDF]
From DataGuidance and the Future of Privacy Forum: The guide looks at include scope, definitions, the legal basis, rights and enforcement of the two pieces of legislation

CCPA and GDPR: Comparison of certain provisions
From White & Case: a comparison that includes extensive commentary and similarity and differences

Will CCPA Have GDPR-Like Effects?
From eMarketer: According to a March 2019 poll, 55% of U.S. privacy professionals planned to be CCPA-compliant prior to January 1, 2020, when the law goes into effect, and another 25% plan to be ready by July 1, 2020, when the law can be enforced


Big-Picture Planning & CCPA Resource Portals

CCPA Countdown
From Interactive Advertising Bureau: includes key definitions, a timeline, and many other resources

California Consumer Privacy Act Roadmap [pdf]
The IAB’s roadmap “provides a structured and comprehensive framework of CCPA’s obligations as they relate to those in the digital advertising industry who collect, sell and/or disclose personal information.”

Have You Met These 3 Crucial CCPA Compliance Challenges?
From JD Supra: “The complexities involved in CCPA compliance may be just as big, for some companies, as those they were confronted with before the arrival of the GDPR. Beforehand, many did not have a real grasp of the intricacies of their own systems and processes, or of the difficulty involved in making them compliant.”

California Consumer Privacy Act Resource Center
From Jebbit, a mobile data platform provider: Resources and timelines, including an overview and action plans for marketers

CCPA Portal
From the Insights Association, a group for the marketing research and data analytics community: includes a list of the various bills that may change the legislation as well as information on the association’s advocacy for shaping it

The Ultimate Guide to California’s Data Privacy Law [white paper]
From the software provider WireWheel: includes main components of the law, duties and obligations for businesses affected, differences between the GDPR and the CCPA, and a checklist of steps to take

Navigating CCPA Compliance in Absence of Clear Rules [white paper]
From Secure Digital Solutions

California Consumer Privacy Act and the Role of IAM [webinar and slide deck]
From software provider WSO2: “Explores the basics including what CCPA is, how enterprises can prepare for it, a comparison with GDPR” and how identity access management how help

California Consumer Privacy Act (CCPA)
From Nymity, a privacy compliance software vendor: includes links to white papers and webinars, which are oriented toward privacy officers

California Consumer Privacy Act of 2018
From the law firm Perkins Coie: a set of webinars, a white paper and other resources for preparing for CCPA

California Consumer Privacy Act – Are you CCPA-Ready?
From law firm Orrick Herrington & Sutcliffe: includes an assessment tool to measure preparedness level as well as other coverage and insights into the laws envisioned in other states

A Practical Guide to CCPA Readiness: Implementing Calif.’s New Privacy Law (Part 2)
From the Baker McKenzie law firm

The unique challenges CCPA poses for SMEs [podcast]
From the IAPP


CCPA Readiness Checklists

CCPA Compliance Timeline
From the tech-law firm SixFifty: internal deadlines to plan for compliance

California Consumer Privacy Act Checklist
From the law firm Morgan, Lewis & Bockius

Your California Consumer Privacy Act Checklist
From Frost Brown Todd Attorneys

CCPA Organizational Readiness Checklist
From the software platform provider Centrl

CCPA vs. GDPR: 10 Things to Do Now to Prepare for the Strictest US Privacy Law
From the Fenwick & West law firm

Top 10 Things to Do to Prove CCPA Compliance
From Womble Bond Dickinson

8 Steps to CCPA Compliance
From CSI, a fintech and regulatory compliance provider

6 Steps: Getting Ready for CCPA [white paper]
From Io-Tahoe, a provider of data-discovery solutions


CCPA for the Ad Industry, Retail & Others

Ready or not, here it comes: How prepared are organizations for the California Consumer Privacy Act? [white paper]
From the International Association of Privacy Professionals: includes results of a 2019 survey “to determine where U.S. privacy professionals stand on CCPA compliance”

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
From CSO Online: “how CCPA may shift business models, change online behavior and reveal where exactly our data has been”

Navigating disclosures and sales of personal information under the CCPA
From the International Association of Privacy Professionals’ Privacy Advisor

What Publishers Need To Know
From Business Partner Magazine: includes the ways CCPA will affect data collection/usage, opting out and offering financial incentives to encourage consumers to opt in to disclosing data

California Consumer Privacy Act
From Mintz law firm: includes webinars devoted to the unique issues faced by those in healthcare and retail as well as a blog covering the status of the law various privacy amendments

CCPA: What do Marketers Need to Know? [podcast]
An episode of the Marketing Remix, presented by Red Door Interactive

How GDPR, CCPA impact healthcare compliance
From Compliance Week: “These new statutes . . . are fundamentally different than previous laws … [They] are citizen privacy rights bills versus a cyber-security or data management-focused bill, like HIPAA”

Getting Retail Ready for CCPA [podcast]
From Acxiom’s Retail Shift podcast: includes discussion of the ways in which CCPA contrasts with GDPR

A Year after GDPR, How Can U.S. Insurers Prepare for Data Privacy Regs Closer to Home?
From Insurance Journal

What Is the California Consumer Privacy Act and What Does it Mean for AdTech & MarTech?
From Clearcode, a software development company

Proposed Amendment [SB-753] to CCPA Could Provide Reprieve for AdTech Industry
From Kelley Drye’s Advertising and Marketing practice: coverage of SB-753, which would provide an exception in the CCPA’s definition of “sale” some data sharing that is done for purposes of delivering advertising

State legislature debates CCPA ad-tech carve out amendment
From the IAPP: global information privacy community and resource

The California Consumer Privacy Act’s Impact on the Digital Advertising Industry
From the IAPP: global information privacy community and resource

The California Consumer Privacy Act’s Impact on the Digital Advertising Industry
[Requires registration] From Law.com: “Complying with the law may be an especially thorny undertaking for data-driven marketing and advertising businesses.”


Risk Assessment

Businesses Across the Board Scramble to Comply With California Data-Privacy Law
From the Wall Street Journal: “Any Fortune 500 company is going to spend at least $1 million on CCPA compliance” in the law’s first year, said Jay Cline, a principal with PricewaterhouseCoopers. “And we’ve seen budgets as high as $100 million.”

A CCPA Class Action Is Coming and Preparedness Is The Best Way to Avoid It
[Requires registration] From Corporate Counsel: “Cameron Azari, vice president at Epiq, said because it is difficult to show actual damage, historically data breach suits have mixed results. However, not having to show actual damage [under the CCPA] may make it easier for plaintiffs to succeed.”

CCPA: Consumers and the Right to Sue
From The National Law Review: “Given that consumers appear to be unable to enforce violations of all of their rights under the CCPA, it remains to be seen how the Attorney General will propose to enforce them.”

Is Your Organization Ready for the CCPA? The Importance of an Incident Response Guide
From Carlton Fields, attorneys: “An incident response guide is the organization’s playbook for how to investigate, respond to, and remediate a data security incident or breach.”

Why the CCPA’s ‘verified consumer request’ is a business risk
From the IAPP: “There is a simple and innocuous-sounding requirement stating that requests for access and deletion must be ‘verified.’ However, the law does not clarify what qualifies as verified.”

Publishers face new risks in the wake of CCPA
From Digital Content Next: includes summaries of related legislation being proposed in other states


Have questions? Admiral helps publishers manage consent and privacy, with an understanding of the complexities of ads, digital subscriptions, and gathering consumer data via signups. Contact consent@getadmiral.com