The five bills the California legislature passed at the end of its 2019 session amending the CCPA have injected even more uncertainy into the compliance process. In a recent interview with the Cybersecurity Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan discussed the recent amendments (which must be signed by the Governor by October 13, 2019, to become law) to the Act and how to approach compliance, including an explanation on how to conduct and use a data-mapping exercise and what future enforcement may look like. Another, upcoming article will contain their insights on how fund managers can determine if they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the GLBA will provide some, but likely not complete, relief from compliance with the CCPA. See our two-part series on preparing for the CCPA: “Securing Buy-In and Setting the Scope” (Feb. 27, 2019); and “Best Practices and Understanding Enforcement” (Mar. 6, 2019).