California Consumer Privacy Act (CCPA)

Compliance Hub

Compliance Hub

1 min read
California Consumer Privacy Act (CCPA)
Photo by Vital Sinkevich / Unsplash

Introduction

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The bill was passed by the California State Legislature and signed into law by Jerry Brown, the Governor of California, on June 28, 2018, and went into effect on January 1, 2020.

Rights under CCPA

The CCPA grants new rights to California consumers:

  1. The right to know what personal information is collected, used, shared, or sold. This includes both the categories and specific pieces of personal information.
  2. The right to delete personal information held by businesses, subject to certain exceptions.
  3. The right to opt-out of the sale of personal information. Consumers can direct a business to stop selling their personal information.
  4. The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

Businesses Subject to CCPA

The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of the following thresholds:

  • Has annual gross revenues in excess of $25 million;
  • Buys or sells the personal information of 50,000 or more consumers or households; or
  • Earns more than half of its annual revenue from selling consumers' personal information.

Penalties for Non-Compliance

The CCPA is enforced by the California Attorney General. It provides for civil penalties of up to $7,500 per violation for intentional violations and $2,500 for unintentional violations.

Conclusion

The CCPA represents a significant step in privacy law. As the first law of its kind in the United States, it's likely to set a precedent for privacy legislation in other states, and potentially at the federal level. Businesses should ensure they are in compliance with the CCPA to avoid penalties and to maintain trust with their customers.

Sources:

Please note that this article is a summary and does not cover all aspects of the CCPA. For full details, please refer to the text of the law or consult with a legal professional.

Read more

EU Chat Control Passes Committee on November 26, 2025: "Voluntary" Surveillance, Mandatory Age Verification, and the Political Deception That Got It Through

EU Chat Control Passes Committee on November 26, 2025: "Voluntary" Surveillance, Mandatory Age Verification, and the Political Deception That Got It Through

Published: November 27, 2025 Executive Summary On November 26, 2025, EU ambassadors in the Committee of Permanent Representatives (COREPER) approved a revised Chat Control proposal by a close split vote—but contrary to celebratory headlines claiming the EU "backed away" from mass surveillance, the approved text represents what

By Compliance Hub
France's Encryption War Escalates: GrapheneOS Exodus Signals Dangerous Precedent for Open Source Privacy Tech

France's Encryption War Escalates: GrapheneOS Exodus Signals Dangerous Precedent for Open Source Privacy Tech

Executive Summary: The GrapheneOS project's dramatic withdrawal from France in November 2025 represents a watershed moment in the escalating global conflict between privacy technology and state surveillance powers. This case follows an established pattern of French law enforcement targeting encrypted communications platforms, but marks the first time authorities

By Compliance Hub
Generate Policy Global Compliance Map Policy Quest Secure Checklists Cyber Templates