CCPA Amendments: Key Changes You Need to Know
The Governor of California signed five amendment bills under the CCPA into law on October 11, 2019.
The Governor of California signed five amendment bills under the CCPA into law on October 11, 2019.
Consequently, businesses will need to incorporate these amendments in their compliance efforts ahead of the January 1, 2020 deadline.
This move comes immediately after California’s Attorney General drafted regulations a day earlier and intends to hold public hearings in four cities across the state on December 6, 2019, to get the public's views on the new Act. Interested parties will be allowed to air their views about CCPA at the town hall meetings, as well as via postal mail and e-mail.
The Attorney General’s draft regulations are proposed rules focused on providing specific guidance on how businesses can comply with CCPA. On the other hand, the amendments signed into by the Governor will replace or reinforce the legal text of the Act.
Here are the summaries of the amendments that the Governor of California signed into law;
Assembly Bill 1564 – Consumer Request for Disclosure Methods
The CCPA requires businesses to provide at least two alternatives for consumers to submit information and deletion requests, which comprise a toll-free phone number and an e-mail address.
Assembly Bill 1355 – Clarifying Amendments and Exemptions
This amendment excludes de-identified or cumulative consumer data from being defined as personal information. Additionally, it enacts a 12-month exemption for specific B2B communication or transactions an expands the existing exemption for compliance with the national Fair Credit Reporting Act (FCRA).
Assembly Bill 1202 – Data Broker Registration
This regulation requires individuals or businesses specializing in data brokerage to seek authorization from the California Attorney General.
Assembly Bill 1146 – Vehicle Warranties and Recalls
Under CCPA, vehicle information, including repairs, warranties, and recalls, are exempted from the right of deletion.
Assembly Bill 874 – Publicly Available Information
This amendment clarifies the definition of ‘publicly available’ to denote data that is legally made available from federal, state, or local government databases. It also explains that the description of ‘personal information’ does not comprise de-identified or aggregate consumer data.
Assembly Bill 25 – Employee Exemption
This law modifies the CCPA such that it does not apply to the collection of personal data from job seekers, employees, entrepreneurs, directors, officers, medical employees, and contractors for 12 months.
Assembly Bill 1130 - Personal Information; Data Breaches
It revises the definition of personal information and permits an individual or a business that is obligated to issue a safety breach notification to include notification for biometric information.
Secure Privacy’s solutions can help you comply with CCPA and build this trust with your customers. These solutions are easy to use and integrate with any website seamlessly. If you have any additional questions regarding these solutions, check out our detailed CCPA guide on how to become CCPA compliant or book a call to speak to an expert.

Nigeria Data Protection Law: Complete NDPA Compliance Guide 2025
Nigeria Data Protection Law has transformed the country's privacy landscape through the Nigeria Data Protection Act (NDPA) 2023. This comprehensive legislation affects all businesses handling personal data of Nigerian citizens, whether operating locally or internationally.
- Legal & News
- Data Protection

Using DSAR Custom Controls in Secure Privacy
Secure Privacy has launched advanced DSAR form customization capabilities that transform how organizations handle Data Subject Access Requests. These new DSAR custom controls allow privacy teams to create tailored forms that match their specific workflows, improve user experience, and maintain brand consistency.
- Legal & News

Privacy Risk Assessment Module
Managing privacy risks has become critical for organizations in 2025. With data protection authorities issuing over €2.8 billion in GDPR fines since 2018, privacy risk assessment software helps companies identify threats before they become costly violations.
- Legal & News