Threat Tuesday: The California Consumer Privacy Act


In addition to holiday sales and end-of-year promotions, you’ve likely noticed another common theme in your email inbox this month: “Notice of Privacy Policy Update”.

That’s because on January 1, 2020, the California Consumer Privacy Act takes effect. This law, which was passed in 2018 and amended in 2019, is designed to regulate how companies store and use the personal information of California residents.

This may seem familiar — the European Union enacted a similar regulation, the GDPR, last year. And while the CCPA is different in many ways, the goal is the same — to give consumers a say in how their information is handled.

If your company is subject to this law, then you’ve spent many months preparing for its implementation. But, there’s one area that you may still need to consider: your IT asset disposal strategy.

Much like other privacy regulations, the CCPA specifies penalties for companies that leak data on their customers. The statute specifies that each consumer may seek civil remedies of $100 to $750 if their data is exposed — which can add up quickly. Even a “small” data breach of 1,000 records could add up to penalties of $100,000 to $750,000 — giving you a good incentive to keep your data secure.

When IT assets are disposed of, they may still contain information protected under the CCPA. So it’s important that you make sure that they’re handled properly and destroyed securely.

CyberCrunch is your nationwide ITAD specialist. With years of experience helping our customers comply with some of the toughest privacy regulations — including HIPAA, SOX, and GLBA — we will make sure that your old IT assets don’t become a liability.

Contact us today to get a quote or schedule a pickup.