California state law granting consumers rights over their personal information and requiring businesses to implement privacy protections and disclose data practices.
CCPA impacts insider risk management by requiring organizations to implement reasonable security measures to protect personal information from unauthorized access, destruction, or modification. The law's data minimization requirements and consumer rights (access, deletion, opt-out) necessitate comprehensive access controls and audit capabilities. Insider incidents involving California residents' personal information can result in significant fines and civil penalties under the California Privacy Rights Act (CPRA) amendment.