What is CCPA Compliance?
The California Consumer Privacy Act (CCPA) is a California state law that was enacted in 2018 and came into force on January 1, 2020. The CCPA gives consumers in California greater control over how their personal data is collected, stored, and processed. It was further amended in 2023 by the California Privacy Rights Act (CPRA) to add stronger protections and create a dedicated enforcement agency known as the California Privacy Protection Agency (CPPA).
Who it applies to
Not every enterprise falls under the CCPA. The law targets for-profit organizations doing business in California that cross at least one of three thresholds — earning over $25 million in annual revenue, handling personal data of 100,000 or more consumers or households per year, or making at least half their revenue from selling consumer data. One thing worth noting: a company doesn’t need to be based in California to be covered. If it serves California residents, it falls within scope.

Business Obligations
Organizations subject to CCPA compliance must meet these requirements:
- Notice obligations: Enterprises must notify customers before the point of collection that their data is being collected. The notice must state the information collected, the purpose of the collection, and how the data will be used, and it must link to the enterprise's data privacy policy.
- Communicating consumer rights: Enterprises must convey all the specific rights that the CCPA provides to customers.
- Handling customer requests: Enterprises must establish processes to manage and respond to consumer requests to exercise those rights. They must respond within 45 calendar days of receiving a verifiable request.
Penalties
The California Attorney General has the authority to impose civil fines of up to $2,500 for unintentional violations and $7,500 for intentional violations.
What CCPA Compliance Offers to Consumers
Under the CCPA, California residents can ask an organization exactly what data it holds on them and why. They can request deletion of that data, opt out of it being sold or shared, and expect to be treated the same whether or not they exercise these rights. The CPRA introduced a further right: the ability to correct personal information that is inaccurate or incomplete.
People Also Ask
What are the business obligations under CCPA compliance?
The three main business obligations under CCPA compliance are:
- Notification of data collection
- Communicating consumer rights
- Handling customer requests
What is the penalty for violating CCPA compliance?
Fines of up to $2,500 can be imposed for unintentional violations and $7,500 for intentional ones.