It was only a matter of time before US created their own version of the EU\u2019S General Data Protection Regulation (GDPR). However, unlike the EU who addresses digital privacy protection on a national level, the US is handling online privacy on the state level. California has led the charge with the California Consumer Privacy Act (CCPA) that was passed into law in 2018.\n3 main takeaways from the California Consumer Privacy Act of 2018\nCCPA is designed with consumers in mind and gives California residents some of the strongest online privacy protections in the country. Here are three main takeaways of the California Consumer Privacy Act of 2018:\n\nResidents have ownership over their data. A company cannot share or sell a customer\u2019s personal information.\nCustomers control the information that is collected about them by all companies.\nThe burden is placed on organizations to protect customer data and personal information.\n\nAt the #IDGTECHtalk Twitter chat on November 21, we discussed the implact that the California Consumer Privacy Act will have on privacy across the country and internationally. The chat, led by Sumo Logic\u2019s Chief Security Offer George Gerchow, explored the implications of CCPA on the enterprise. Here\u2019s what we learned.\nCCPA\u2019s impact will vary greatly from organization to organization\nFor some organizations CCPA will require a total overhaul on their privacy policies, while others might only need to make minor changes due to existing GDPR compliance. But as Kayne McGladrey, Chief Information Security Officer at Pensar Development, pointed out, there will certainly\u00a0 be another round of endless privacy disclosure emails.\n\nI think we're going to see something like the privacy notification email deluge we saw with the roll out of GDPR. Because we all need more emails. #IDGTechTalk\u2013 Kayne McGladrey, Director of Security and Information Technology at Pensar Development\nIf a firm has no #PII for Californians, zero to do. If they do, lots to do. If they already dealt w\/ #GDPR, then it\u2019s relatively easy. But if they haven\u2019t, it\u2019s a massively HUGE endeavor.\u2013 Ben Rothke, Senior Information Security Specialist at Tapad\n\nSmall organizations will have a tougher time with CCPA compliance\nWhile any organization that collects customer data will be directly impacted by CCPA, the urgency and consequences for non-compliance will be most heavily felt by smaller organizations with fewer resources and smaller pockets.\n\nOne of the observations about GDPR 1 year on is that compliance and issuing of fines has failed. Thus with CCPA, small businesses will be affected the most as they try to comply while many larger enterprises will deflect, delay or do lip service to legislation. #IDGTECHtalk\u2013 Steve Prentice, professional speaker and writer\nThose organizations that have the budget and those who are already on the path of #GDPR might find #CCPA somewhat easy and maybe redundant to do. Others without budgets to do this will just struggle. #idgtechtalk\u2013 Arsalan Khan, Speaker, Advisor and Blogger\n\nCustomers must educate themselves on the CCPA\nThe burden is on the customer to ensure their privacy is protected and that they understand their rights under the new law. CCPA is designed to put the power back into the hands of customers, and it does accomplish that for the most part. However, organizations are not responsible for educating customers on their rights, only for their own company-wide compliance.\n\nCustomers need to educate themselves on their #CCPA rights using #gov literature first. Companies will need to update their privacy policies and educate their customers through their usual outreach channels such as email or social. #IDGTECHtalk\u2013 Will Kelly, senior technical writer\nCustomers need to understand their rights under #CCPA & how to make sure they are protected. For every #PII #privacy right afforded under CCPA, orgs. must have well-defined & documented processes to ensure they are executed properly. #IDGTECHtalk\u2013 Ben Rothke, Senior Information Security Specialist at Tapad\n\nCCPA might make things more complicated at first\nThere are enough loopholes and murky language to thoroughly complicate the implementation of CCPA compliance. To combat this, organizations might do the bare minimum to meet CCPA standards. Again, this is why it is so important that customers take the time to educate themselves on this law. It is important that customers also play watchdog to ensure organizations sustain proper compliance practices under CCPA.\n\n#CCPA will raise privacy concerns yet again with responses varying from lip service to deflection to some real (maybe not sustained) action depending on the company\u2019s industry and their contact points with customer data. #IDGTECHtalk\u2013 Will Kelly, senior technical writer\n\nThe California Consumer Privacy Act of 2018 is an exciting development as state governments and corporations navigate their responsibility for protecting customer privacy. We are even seeing other states follow in California\u2019s footsteps with their own online privacy laws. While there will certainly be growing pains, the final outcome of a more secure Internet is invaluable.