US Privacy Laws (CCPA / CPRA) Training for Malaysian Businesses

A practical one-day programme for Malaysian businesses that handle the personal information of US consumers - whether through e-commerce sales, SaaS and app users, digital advertising, or a US branch or client base. This training focuses on California's CCPA (as amended by the CPRA) as the leading US privacy standard, explains the wider patchwork of US state privacy laws, shows how they differ from Malaysia's PDPA, and sets out what your organisation must do to reduce risk.

Note: US privacy laws are enforced by US regulators such as the California Privacy Protection Agency (CPPA) and state Attorneys General. There is no Malaysian government-issued certification for them. This programme is an awareness and compliance training - participants receive a Certificate of Completion from OrbixTech upon full attendance.

HRD Corp Training Provider Malaysia HRD Corp SBL-Khas Claimable

Who Should Attend

Modules

The US Privacy Landscape & Who Is Covered

Why the United States has no single federal privacy law and relies on a state-by-state patchwork. How the CCPA/CPRA applies to businesses - including non-US businesses - that do business in California, handle California residents' data, and meet the revenue or volume thresholds. Key definitions: consumer, personal information, business, service provider, and third party.

CCPA to CPRA: What Changed

How the California Privacy Rights Act (CPRA) amended and expanded the original CCPA - the new right to correct, the right to limit use of sensitive personal information, the concept of "sharing" for cross-context behavioural advertising, data minimisation and retention expectations, and the creation of the California Privacy Protection Agency (CPPA) as a dedicated enforcer.

Consumer Rights & How to Honour Them

The core consumer rights: the right to know and access, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information. How to receive, verify, and respond to consumer requests within required timeframes, and the rules on non-discrimination for exercising rights.

Sale, Sharing & the "Do Not Sell or Share" Signal

What counts as "selling" and "sharing" personal information under CCPA/CPRA, the mandatory "Do Not Sell or Share My Personal Information" mechanism, honouring opt-out preference signals such as the Global Privacy Control (GPC), and the practical implications for websites, cookies, and advertising pixels.

Notices, Contracts & Service Providers

Privacy policy and notice-at-collection requirements, the distinction between service providers, contractors, and third parties, and the contract terms CCPA/CPRA requires when you share personal information with vendors. What Malaysian businesses acting as service providers to US companies need in their agreements.

Enforcement, Penalties & the Wider State Patchwork

How the CPPA and California Attorney General enforce the law, statutory penalties per violation, and the private right of action for certain data breaches. A practical overview of the common structure of other US state privacy laws (Virginia, Colorado, Connecticut, Texas and more) so you can recognise obligations across states without memorising each statute.

US Privacy Laws vs PDPA: A Malaysian Business Perspective

Side-by-side comparison of the CCPA/CPRA opt-out model and Malaysia's PDPA 2010 (2024 amendment) consent model. Key differences in consumer rights, sale/sharing controls, sensitive data handling, and enforcement - and how to build a dual-compliance approach that satisfies both without duplicating effort.

Final Activity

US Privacy Readiness Workshop - participants assess whether their organisation meets the CCPA/CPRA thresholds, review how consumer requests and opt-out signals would be handled today, and identify gaps in notices, vendor contracts, and website controls. Guided group discussion with a practical US privacy action list to take back to the business.

Key Outcomes

Fee   RM 1,750 per participant

Duration   1 Day (9:00 AM – 5:00 PM)

Venue   Online or in-house at client's office

Level   Intermediate (basic data protection awareness recommended)

HRD Corp Claimable   Yes

Certificate   Certificate of Completion awarded upon full attendance

Frequently Asked Questions

It can. The CCPA (as amended by the CPRA) applies to for-profit businesses that do business in California, handle California residents' personal information, and meet at least one threshold - such as annual gross revenue above US$25 million; buying, selling, or sharing the personal information of 100,000 or more consumers or households; or deriving 50% or more of revenue from selling or sharing personal information. Malaysian companies with US e-commerce sales, SaaS users, or a US presence may fall within scope.

The CPRA (California Privacy Rights Act) amended and expanded the original CCPA. It added new rights such as the right to correct and the right to limit the use of sensitive personal information, introduced the concept of "sharing" for cross-context behavioural advertising, and created the California Privacy Protection Agency (CPPA) as a dedicated enforcement body. When people say "CCPA" today, they usually mean the CCPA as amended by the CPRA - which is how this training treats it.

The United States has no single federal privacy law, so it relies on a growing patchwork of state laws. This training focuses on California's CCPA/CPRA as the leading standard and then explains the common structure of other state laws (such as those in Virginia, Colorado, Connecticut, and Texas) so you can recognise your obligations across multiple states without memorising each statute.

Yes. This US Privacy Laws (CCPA/CPRA) Awareness Training is HRD Corp SBL-Khas claimable for Malaysian employers registered with HRD Corp. Contact us to get the programme details and SBL-Khas claim reference.

It depends on your role and organisation. If your organisation primarily operates under Malaysian PDPA and you need to understand your DPO obligations, start with DPO Foundations Training. If your business handles US consumer data, this US Privacy Laws training covers the CCPA/CPRA obligations that matter most. DPOs handling multiple frameworks benefit from the Advanced DPO Training which covers international frameworks.

Enquire about in-house delivery, group rates, or to confirm HRD Corp SBL-Khas claim details - WhatsApp us or contact us here.