California Consumer Privacy Act



In the 21st century, we share and store our most sensitive personal information on phones, computer workstations, and cloud-based services and computers. Today more than ever, a strong privacy and personal data security program is essential to the safety and welfare of the people of California and to our economy.

The California legislature unanimously approved and enacted the California Consumer Privacy Act of 2018 (CCPA) on June 28, 2018. The CCPA is arguably the most far-reaching data protection law ever enacted in the United States. Fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information.


Key Provisions of California Data Privacy Law 2018

  • Consumers’ right to know and access personal data
  • Right to Deletion
  • Right to Opt-Out / Opt-In
  • Right to Equal Service
  • Privacy Policy Requirements
  • Disclosure Requirements
  • GLBA/HIPAA/Research/Legal Exceptions



RSI Security is a full-service CCPA Compliance Assessor and Advisory company that is uniquely positioned to assist you in meeting the CCPA requirements, protecting personal data, and honoring consumers’ rights under California privacy law.

RSI Security can evaluate your organization’s data privacy and security policies, procedures, and security controls to regulate the processing of personal data and prevent data breaches. We will identify any potential gaps between your practices and CCPA requirements and advise on corrective actions to take to prepare for a CCPA audit.


Our CCPA Services


  • Personal Data Mapping and Inventory
  • Privacy by Design Program
  • Privacy Impact Assessment
  • Incident and Data Breach Response Planning
  • Network Penetration Testing
  • Vulnerability Scanning
  • Enterprise Privacy Risk Assessment
  • Personal Data Security Awareness and Training
  • CCPA Audit and Assessment Services (covering required and addressable technical, physical, and administrative safeguards for the personal data environment)

Value and Benefits of Being CCPA Compliant

  • Increased Customer Trust and Organizational Reputation
  • Increased Personal Data Protection
  • CCPA Audit-Ready and Secure Personal Data Environment
  • Personal Data Security Risk Management
  • Implementation of Information Security Program
  • Effective Incident Response Planning

Who is Required to Comply with the CCPA?

Per the text of the California Consumer Privacy Act, the CCPA applies to for-profit businesses that do business in California and fall into one or more of the following categories:

  • Have annual gross revenue of more than US$25 million derived from or attributable to the state of California (Cal. Rev. & Tax. Code § 17942(a)).
  • Collect, buy, receive, sell, or share for commercial purposes the personal information of 50,000 or more residents, households or devices annually.
  • Derive 50 percent or more of annual revenues from selling consumers’ personal information.

Service providers and entities that control or are controlled by such a business and share common branding with that business will also be held accountable.

The CCPA is applicable regardless of the size of the organization, i.e., sole proprietorships, partnerships, LLCs, corporations, and other organizations that transact in CA and either collect, sell, purchase, or receive consumers’ personal data.


Your CCPA Compliance Partner

We are knowledgeable and experienced in providing compliance audit, assessment, and implementation services to organizations in meeting their regulatory compliance requirements, such as PCI DSS, HIPAA, EI3PA, NERC-CIP, NFA, FINRA, and GDPR.

Our experienced consulting team consists of:


  • Qualified Information Security Assessors (QSA)
  • Project Management Professionals (PMP)
  • Certified Information Systems Auditors (CISA)
  • Certified Information Systems Security Professionals (CISSP)

What Does the CCPA Cover?

The CCPA covers personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Personal information includes traditional identifiers (e.g. name, postal address, email address, Social Security number, and driver’s license or passport numbers), as well as unique personal identifiers (e.g. biometric information, IP address, internet browsing or search history, and geolocation data).

Penalties for Non-Compliance with CCPA

Companies that commit intentional violations are subject to penalties of up to $7,500 per violation.

Companies that commit an unintentional violation and fail to remediate within 30 days of receiving notice are liable for up to $2,500 per violation.

Companies that experience data theft / data security breaches can be ordered in a civil class action to pay statutory damages of between $100 and $750 per CA employee per incident or actual damages, whichever is greater, and any other relief a court deems proper.




CCPA took effect on January 1, 2020. Businesses must take steps now to ensure compliance and avoid costly data-breach-related litigation and damage to business reputation.