Skip to main content
Oximy
Compliance

CCPA

The California Consumer Privacy Act is a state privacy law that gives California residents rights over their personal information and imposes obligations on businesses that collect or sell that data.

Also known asCalifornia Consumer Privacy ActCalifornia Privacy Law
Full Definition

What is CCPA?

The California Consumer Privacy Act (CCPA), effective January 1, 2020, is a comprehensive privacy law that grants California residents specific rights regarding their personal information. It was later amended and strengthened by the California Privacy Rights Act (CPRA) in 2023.

Consumer Rights

  • Right to Know: What personal information is collected
  • Right to Delete: Request deletion of personal data
  • Right to Opt-Out: Of sale/sharing of personal information
  • Right to Non-Discrimination: For exercising privacy rights
  • Right to Correct: Inaccurate personal information (CPRA)
  • Right to Limit: Use of sensitive personal information (CPRA)

Business Obligations

  • Provide privacy notices at collection
  • Respond to consumer requests within 45 days
  • Implement reasonable security measures
  • Maintain records for 24 months
  • Train employees handling consumer inquiries

Who Must Comply

Businesses that:

  • Have gross annual revenue over $25 million
  • Buy, sell, or share data of 100,000+ consumers/households
  • Derive 50%+ of revenue from selling personal information

Penalties

  • Up to $2,500 per unintentional violation
  • Up to $7,500 per intentional violation
  • Private right of action for data breaches
Previous

Business Continuity

Next

Certificate Authority (CA)