CCPA/CPRA
CCPA (California Consumer Privacy Act) and its amendment CPRA grant California residents rights over their personal data and impose obligations on businesses.
CCPA/CPRA are California's comprehensive privacy laws that give consumers control over their personal information.
Consumer rights:
- Right to Know: what personal information is collected, how it is used, and whether it is sold or shared
- Right to Delete: request deletion of personal information the business holds
- Right to Opt-Out: stop the sale or sharing of personal information
- Right to Correct: fix inaccurate personal information
- Right to Limit: restrict the use and disclosure of sensitive personal information
Applies to for-profit businesses that do business in California and meet any one of these thresholds:
- Annual gross revenue over $25 million (adjusted periodically for inflation)
- Buy, sell or share the personal information of 100,000 or more consumers or households
- Derive 50% or more of annual revenue from selling or sharing consumers' personal information
CPRA additions:
- Created the California Privacy Protection Agency (CPPA) as a dedicated rulemaking and enforcement body
- Added a "sensitive personal information" category (for example precise geolocation, government identifiers, health and financial data)
- Added data minimization and purpose limitation requirements
- Extended opt-out rights from selling to "sharing" (disclosure for cross-context behavioral advertising, even with no money changing hands)
Why It Matters
CCPA/CPRA affects any business that handles the personal information of California's roughly 40 million residents, regardless of where the business is located. Civil penalties run up to $2,500 per violation and $7,500 per intentional violation or violation involving a minor, and consumers have a private right of action with statutory damages for certain data breaches involving unencrypted, unredacted personal information, so non-compliance creates significant financial exposure. As other US states adopt similar laws, CCPA compliance positions organizations well for the broader US privacy landscape.
Related Terms
GDPR (General Data Protection Regulation) is the EU's comprehensive data privacy law that governs how organizations collect, process, and protect the personal data of individuals in the EU.
Data privacy refers to the proper handling of personal information including how it is collected, used, shared, and protected in compliance with regulations.
Privacy by Design is an approach that embeds privacy into the design and architecture of systems from the start, rather than adding it later.
Frequently Asked Questions
Does CCPA apply to B2B data?
Yes. The CCPA's temporary exemptions for employee data and B2B contact data expired on January 1, 2023, and CPRA did not extend them. Since then, employee, job applicant, contractor and business-contact data are covered by the same consumer rights as any other personal information.
How is CCPA different from GDPR?
CCPA is largely opt-out: a business may collect and sell or share personal information unless the consumer objects (opt-in consent is required only for consumers under 16). GDPR requires a lawful basis, such as consent or a contract, before any processing begins. CCPA applies only to businesses above its revenue or data-volume thresholds; GDPR applies to essentially any organization processing personal data of people in the EU. Penalties also differ: CCPA civil penalties are $2,500 per violation and $7,500 per intentional violation, while GDPR fines reach up to €20 million or 4% of global annual turnover, whichever is higher.