October is National Cybersecurity Awareness Month (NCSAM)! NCSAM is an annual event designed by the U.S. Department of Homeland Security (DHS) and co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCSA). NCSAM is a collaborative effort by both government and industry leaders intended to enhance public awareness regarding cybersecurity. This year’s agenda emphasizes personal accountability and taking proactive steps both at home and in the workplace to enhance cybersecurity. This year’s motto is Own IT. Secure IT. Protect IT – #becybersmart, and focuses on areas such as consumer privacy, consumer devices and e-commerce security.

In honor of NCSAM, we are focused on what is one of the hottest issues of 2019, and present our California Consumer Privacy Act (CCPA) FAQs, for all businesses regardless of size or industry. With its effective date less than three months away, the California Consumer Privacy Act (CCPA), considered the most expansive U.S. privacy law to date, still presents many unanswered questions for businesses, service providers, and other interested parties. However, to avoid costly fines, penalties, and litigation, CCPA compliance needs to begin now. To assist businesses with their compliance efforts, we prepared these CCPA FAQs.

Topics include:

  • Entities subject to the law,
  • The definitions of personal information,
  • Pending exceptions for employees and business contacts,
  • Requirements and penalties for employers under the CCPA,
  • New consumer rights and required website notices, and
  • Litigation and class action exposure for businesses that experience a data breach.

The CCPA continues to evolve. As of this writing, we await action or inaction by Governor Newsom on a number of amendments that have been proposed and passed. Additionally, we are reviewing recently issued proposed regulations from the California Attorney General. Thus, while the January 1, 2020 effective date will come and go, businesses need to remain vigilant and continue to monitor legal developments regarding the CCPA, as well as its influence on similar legislative measures in other states.

In addition to our CCPA FAQs, below are additional resources we’ve prepared to provide businesses with a better understanding of how the CCPA was developed, where it is headed, and how it will impact covered entities:

We hope you will find the CCPA FAQs and other resources helpful in navigating the compliance requirements of this groundbreaking law.

Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA, etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.