What It Is

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is a comprehensive state privacy regulation effective since 2020. It empowers California residents with control over their personal information collected by businesses. The primary scope targets for-profit entities meeting thresholds like $25 million revenue or handling data of 100,000+ consumers/devices. It uses a rights-based, threshold-driven approach emphasizing transparency, opt-outs, and enforcement.

Key Components

• Core **consumer rightsknow/access, delete, opt-out of sales/sharing, correct inaccuracies, limit sensitive personal information use.
• Business duties: detailed notices at collection, privacy policies, data inventories, vendor contracts, reasonable security, Global Privacy Control (GPC) support.
• Enforcement via CPPA and Attorney General; fines up to $7,500 per intentional violation; private breach actions. No certification model; compliance via documented practices and audits.

Why Organizations Use It

Mandatory for applicable businesses to avoid multimillion fines, litigation, and reputational harm. Strategically, it enhances data governance, builds consumer trust, reduces breach risks, enables partnerships, and aligns with GDPR-like regimes for efficiency and market differentiation.

Implementation Overview

Phased framework: scoping/gap analysis (0-3 months), policy/notices/contracts (1-4 months), technical systems/security (2-6 months), training/operationalization, ongoing audits. Targets tech, retail, ad firms globally handling CA data; cross-functional (legal, IT, security); annual reassessments required.

What It Is

ISO 14064 (Parts 1-3:2018-2019) is an international standard family specifying requirements and guidance for quantifying, reporting, and verifying greenhouse gas (GHG) emissions/removals. It adopts a principle-based, modular approach covering organizational inventories, project reductions, and assurance, aligned with GHG Protocol principles.

Key Components

• **Part 1Organizational GHG inventories (Scopes 1-3 boundaries, quantification)
• **Part 2Project-level emission reductions/removals (baselines, additionality)
• **Part 3Validation/verification processes (risk-based assurance) Core **five principlesrelevance, completeness, consistency, transparency, accuracy. Voluntary compliance model with third-party verification.

Why Organizations Use It

• Meets regulatory demands (CSRD, SB-253), enables emissions trading/green finance
• Enhances investor confidence, mitigates greenwashing risks
• Drives internal efficiencies, supply-chain decarbonization
• Builds stakeholder trust via auditable, comparable data

Implementation Overview

Phased: governance/gap analysis, boundary/data design, quantification/reporting, assurance. Suited for all sizes/industries globally; 6-12 months typical, requires data systems/training.