CCPA Compliance Guide
California Consumer Privacy Act for consumer data protection and privacy rights in California
The California Consumer Privacy Act (CCPA) is a comprehensive privacy law that gives California residents new rights regarding their personal information and imposes various data protection duties on businesses. Enhanced by the California Privacy Rights Act (CPRA) in 2020.
Effective Date
January 1, 2020
CPRA Enhancement
January 1, 2023
Max Penalty
$7,500 per violation
CCPA Applicability Thresholds
Gross annual revenues in the preceding calendar year
Buy, sell, or share personal information of 50,000 or more consumers annually
Derive 50% or more of annual revenues from selling consumers' personal information
Note: A business must meet any ONE of these thresholds to be subject to CCPA requirements.
Consumer Rights Under CCPA
Know what personal information is collected, used, shared or sold
Request deletion of personal information held by businesses
Opt-out of the sale of personal information
Not be discriminated against for exercising privacy rights
Request correction of inaccurate personal information (CPRA amendment)
Limit use and disclosure of sensitive personal information (CPRA amendment)
Business Obligations
Implementation Roadmap
- Determine CCPA applicability
- Identify personal information categories
- Map data flows and third-party sharing
- Assess current privacy practices
- Update privacy policy with CCPA disclosures
- Create consumer rights request procedures
- Develop opt-out mechanisms
- Establish verification processes
- Build consumer request portals
- Implement data deletion capabilities
- Create opt-out preference signals
- Deploy identity verification systems
- Train customer service teams
- Establish ongoing monitoring
- Conduct regular compliance audits
- Maintain compliance documentation
CPRA Enhancements
Ready to Achieve CCPA Compliance?
Get expert guidance on implementing CCPA requirements for your California operations