Paul Lanois, SSCP, CIPP, CIPT, CIPM, Member of the (ISC)² Advisory Council of North America Privacy Working Group has published in the (ISC)² Blog: Getting started on the CCPA
This is amust reading for US people intrested upon Privacy
Summary of this paper:
While the CCPA is not yet applicable, its enforcement date is rapidly approaching and it is necessary to use the remaining time left to prepare for the new requirements. The scope of the requirements is broad: the CCPA forces a company-wide strategy and review of processes for managing personal data on every level, and it includes various types of online data in its definition of personal. New rights and obligations must be accounted for and every organization will have to work out its own approach to reflect the context and practices of the business. At the very least, a business should be mapping the personal information that it collects and locations where personal information is stored. In this regard, the CCPA is not the only new or updated privacy law to be enacted in the United States: other states, such as Nevada and Utah, have recently updated their privacy laws, and it is expected that more states will follow.