California Consumer Privacy Act: CCPA Compliance
What is the CCPA?
The California Consumer Privacy Act (CCPA) was the first modern and comprehensive privacy law passed in the US. It came into effect July 1, 2020, creating a number of data privacy rights for consumers and data processing responsibilities for companies.
Visit the common CCPA questions and answers
COMPLIANCE
How to comply with the California data privacy law
The CCPA regulates the sale and sharing of California residents’ personal data, and California residents have the right to opt out of such selling or sharing. Prior consent does need to be obtained before processing the data of minors. Businesses are also required to provide a privacy policy and a notice at collection about data processing.
RISKS
What are the consequences of CCPA noncompliance?
Under the CCPA, the California Attorney General had sole enforcement authority. With the introduction of the California Privacy Rights Act (CPRA), enforcement is now shared with the California Privacy Protection Agency (CPPA).
Civil penalties can be up to $2,663 per unintentional violation, or up to $7,988 per intentional violation or for violations involving minors. Individuals can sue companies for violations related to data breach events affecting them (private right of action) and can seek statutory damages between $107 and $799 per incident.
your questions answered
Contact our expert team
We’re happy to answer questions about data privacy, compliant marketing operations, and the CCPA. Usercentrics’ Consent Management Platform helps you build trust and avoid penalties. Learn more today.
- Interested in how privacy compliance benefits user experience and your marketing strategies?
- Not sure if your business is privacy-compliant in California?
- Need clarity on what your company’s compliance responsibilities are?
- Looking to partner with us?
Learn more
Frequently asked questions
What are consumer rights under the CCPA?
The CCPA grants California residents the following rights over their data and its use:
- Right to know and access: what personal information businesses have about them
- Right to know: whether their personal information that the business has is sold or disclosed and to whom
- Right to delete: request businesses to delete the personal information that was collected from the consumer
- Right to limit: limit the use or disclosure of their sensitive personal information
- Right to opt out: to opt out of the sale, share or use of their personal information for profiling or targeted advertising
- Right of nondiscrimination: not to be discriminated against for exercising any of their rights under the CCPA
- Right to correct: any incomplete or inaccurate personal information that a business holds about them be corrected
What are the penalties for CCPA noncompliance?
The California Attorney General or CPPA can levy civil penalties up to $2,663 per unintentional violation, or up to $7,988 per intentional violation or for violations involving minors. Individuals also have a private right of action and can sue companies for violations relating to data breach events affecting them and their data, and can seek statutory damages between $107 and $799 per incident.
What is CCPA compliance software?
CCPA compliance software enables companies to comply with the law’s requirements, like providing consumers with information about data processing and exercising their rights, and enabling them to opt out of the sale of their personal information.
Can a consent management platform enable CCPA compliance?
A consent management platform (CMP) is a type of CCPA compliance software that can enable regulatory compliance for websites and apps. It can present users with information about cookies and trackers in use that collect personal data, and enable granular consent choices. It also securely stores consent information over time.