Compliance

CCPA

The California Consumer Privacy Act is a state privacy law that gives California residents rights over their personal information and imposes obligations on businesses that collect or sell that data.

Also known as:California Consumer Privacy ActCalifornia Privacy Law

What is CCPA?

The California Consumer Privacy Act (CCPA), effective January 1, 2020, is a comprehensive privacy law that grants California residents specific rights regarding their personal information. It was later amended and strengthened by the California Privacy Rights Act (CPRA) in 2023.

Consumer Rights

  • Right to Know: What personal information is collected
  • Right to Delete: Request deletion of personal data
  • Right to Opt-Out: Of sale/sharing of personal information
  • Right to Non-Discrimination: For exercising privacy rights
  • Right to Correct: Inaccurate personal information (CPRA)
  • Right to Limit: Use of sensitive personal information (CPRA)

Business Obligations

  • Provide privacy notices at collection
  • Respond to consumer requests within 45 days
  • Implement reasonable security measures
  • Maintain records for 24 months
  • Train employees handling consumer inquiries

Who Must Comply

Businesses that:

  • Have gross annual revenue over $25 million
  • Buy, sell, or share data of 100,000+ consumers/households
  • Derive 50%+ of revenue from selling personal information

Penalties

  • Up to $2,500 per unintentional violation
  • Up to $7,500 per intentional violation
  • Private right of action for data breaches
Previous

Business Continuity

Next

Certificate Authority (CA)