Last year ended with businesses scrambling to be ready for the California Consumer Privacy Act’s January 1 deadline. The CCPA’s entry into force did not, however, resolve implementation complexities or answer myriad questions about how the Act will be interpreted. Moreover, the California Attorney General will finalize regulations during 2020 that are likely to expand compliance obligations and narrow flexibility. How are companies handling these uncertainties? What should companies be doing to prepare for CCPA enforcement beginning on July 1, 2020? How can “reasonable security” be documented?