Written by Charles Weaver, CEO of MSPAlliance

It was only a matter of time before another legislative body took notice of the European Union’s GDPR law and created one of their own. It should not be any surprise that the state of California is arguably the first state in the United States to craft a “GDPR” style data privacy law which is both sweeping in scope and designed to push the limits of regulatory burden versus privacy protections.

The California Consumer Privacy Act of 2018 was signed into law last year, and while everyone has been focusing on GDPR, nobody seemed to notice what California was doing. However, this doesn’t mean that the CCPA won’t have the same level of impact as GDPR has had. I think it could be even more significant, especially for MSPs practicing in California, and the rest of the United States.

While the law does not formally go into effect until January 1, 2020, but there are quite a few things which will impact MSPs of all sizes. Here is what we know.

Who is Impacted?

Any entity holding data on more than 50,000 people will be covered. My guess is a lot of MSPs will be impacted by this law simply because customers will be seeking out advice on how to comply. MSPs such as data centers and cloud providers holding data on more than 50,000 users will naturally be directly impacted and need to demonstrate compliance. Each violation has a fine of $7,500.

Right to be Forgotten

Similar to GDPR, CCPA also has a right to be forgotten provision. This means covered entities will be required to delete specific data sets at the request of users.

Right Not to Have Your Data Sold

The law also goes further than GDPR in placing restrictions around the sale of data, requiring entities to put warnings on websites, including “Do Not Sell My Data.” The law does not restrict the sale of personal data, it just allows the data subject to a) know whether their data has been captured, and b) whether their data has been sold.


We have entered a new era of managed services: the age of data management. Devices are dead, in the sense that the management of devices is less important than the data on them.

MSPs need to get a handle on their internal data, and the data they manage on behalf of customers. This is our next big professional hurdle. If any of you have wondered why security is factoring so heavily in the managed services professional community, this is one of the reasons why.

It is relatively certain that this law will be challenged in the courts. Until that happens, MSPs located within or doing business in California had better become familiar with CCPA. Something tells me this is not going to go away soon.

Tags : CCPA,cloud,data management,GDPR,managed services,MSP

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.






Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.