What CCPA Means For Your IT Strategy in 2020 (and beyond)

November 24, 2019 | Posted by: Meghan Donovan
California Consumer Privacy Act IT Implications

The Jan 1, 2020 deadline to comply with the CCPA (California Consumer Privacy Act) is fast approaching!

If your organization handles the personal information from California residents, CCPA's new rules will likely apply to your business and impact your IT strategy. According to the International Association of Privacy Professionals (IAPP), over 500,000 businesses in the US will need to comply with this new law and the most common industries that will be impacted include manufacturing, marketing, mortgage lending, auto dealers, outdoor retailers, and restaurants. 

3 Ways CCPA Will Impact IT Strategy at Your Business

CCPA Impact on Businesses & IT Departments

The CCPA Will Force Review of Data Retention Policies & Google Vault Rules

One of the main pillars of the recently passed CCPA is that it grants California consumers the right to access & delete their data and it restricts which organizations can collect, store and sell that personal information.

For your IT strategy, this means it’s time to review your company’s data retention policy to ensure that it incorporates both your obligations under the CCPA and other applicable regulations.

Once your data policy is reviewed, the next step is reviewing your Google Vault rules to ensure they are in alignment with the updated policy.

Google Vault is the retention & eDiscovery tool for G Suite organizations which is managed by a G Suite administrator and is included with the Enterprise G Suite license. 

Recommended: G Suite Security: An Admin Security Checklist

The CCPA Will Force Prioritization of Data Security Education

One of the two penalties that can be assessed under CCPA relates to data breaches. As if your organization and IT team, needs another reason to prioritize the security of your data and users, it has one now.

After January 1, 2020, a company can be penalized $750 per record lost in a data breach if a company did not employ “reasonable” security measures to protect personal information. According to Statista, the United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records.

That $750 can add up. To mitigate your risk of a breach, we encourage our customers to utilize the robust security features available to G Suite Enterprise organizations via Cloud Identity.

With Cloud Identity, G Suite admins can maximize end-user efficiency and protect company data. Admins can control user access to SaaS apps, enforce strong multi-factor authentication to protect user accounts, manage endpoints and investigate threats with the Security Center. Be sure to read our latest blog post, 5 Ways to Avoid a Data Breach with G Suite for additional information.

CCPA Forces Improved Data Security

Beyond Cloud Identity, G Suite incorporates a number of features that empower users across the organization to prioritize the security of their account and the data that it holds.  Keeping organizational data secure is the job of all employees, not just those in the IT or legal department. Educating employees on the steps they can take to secure their email account is a powerful way to encourage the prioritization of data security.

If you’d like help assessing the security of your domain, Suitebriar now offers 12-point G Suite Security Audits. Schedule your audit today.

The CCPA Will Likely Result in Increased IT Spending

CCPA compliance is a compelling reason to upgrade your G Suite plan to the Enterprise version. G Suite Enterprise offers enhanced security, controls, and customizations and includes access to the G Suite security center to offer a single pane of glass into the health of your domain. To learn more about G Suite Enterpirse, contact one of our Google Cloud specialists.  

Lastly, sure, at the moment this law only impacts organizations doing business with California residence, but it is widely discussed that the CCPA could become the framework for sweeping reforms that would impact data security and consumer rights nationwide, as we've recently observed in Europe.

The time is now, to safeguard your business and your customers from data security breaches.


Please note that this post isn’t intended to be legal advice. If you have questions about G Suite & security, we’re your guy/girl. If you have questions about the specific implications of the CCPA for your business, please contact a legal professional.