US State Privacy Assessments

Privacy has drawn attention globally as organizations look to comply with a range of privacy regulations and compliance mandates. These include GDPR, the CCPA (California Privacy Act), the Colorado Privacy Act, the New York Privacy Act, and other US privacy laws.

Tools such as COBIT, ISO 27701, and SOC 2 for Privacy can provide assurance to internal and external stakeholders, help with the governance and risk management of the overall privacy program, and ensure compliance with GDPR, the CCPA, and other privacy mandates such as the Colorado Privacy Act, the New York Privacy Act, and other US and global privacy laws.

CCPA

On June 28, 2018, Governor Brown signed Assembly Bill 375, now known as the California Consumer Privacy Act of 2018 (CCPA), which grants consumers enhanced rights regarding the collection of their personal information. This regulation aims to establish procedures to facilitate consumers’ rights under the CCPA and provide guidance to businesses on how to comply. The CCPA is effective January 1, 2020.

Business compliance eligibility under CCPA

The CCPA controls the manner in which “businesses” treat the “personal information” of California residents. The CCPA defines “business” to mean any for-profit legal entity doing business in California that:

  • Has annual gross revenues in excess of $25 million.
  • Alone, or in combination, buys, receives, sells or shares the personal information of 50,000 or more California residents, households or devices.
  • Derives 50% or more of its annual revenues from selling California residents’ personal information.

Data Subject Rights under CCPA

  • Right to Know About Personal Information Collected, Disclosed, or Sold (Notice).
  • Right to Request Deletion of Personal Information.
  • Right to Opt-Out of the Sale of Personal Information.
  • Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (Equality).
  • Right to access what information is collected by the business.