As its Jan. 1, 2020, effective date draws closer, businesses subject to the California Consumer Privacy Act (CCPA) are struggling not only with what the statute means but also with how to structure a compliance program to meet the law’s requirements. For many businesses, this is the first time that they will have to comply with an over-arching privacy law, which has made the process of complying with the CCPA difficult. Other entities that have already had to comply with comprehensive privacy laws such as HIPAA, GLBA or GDPR are trying to navigate how those laws relate to the CCPA and how they can leverage existing policies and procedures toward CCPA compliance.

Of course, CCPA compliance has been made even more difficult because the law is still not solidified. At the time of writing this article, the California legislature is considering a number of bills that will, if passed, modify some parts of the CCPA. That process will conclude when the legislature closes Sept. 13.