California Consumer Privacy Act (CCPA)

What is the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), effective since January 1, 2020, is a data privacy law enacted in California, aiming to bolster consumer privacy rights and empower residents to control their personal information. 

Who Does the CCPA Apply To?

Applicable to businesses collecting and processing personal data of California residents, regardless of their location, certain criteria like revenue thresholds or interactions with California consumers determine coverage. 

The California Consumer Privacy Act (CCPA) applies to organizations that do any business in California and meet one of the following criteria:

  • Gross annual revenue of $25 million or more.
  • Buy, receive, or sell the personal information of at least 50,000 California residents, households, or devices.
  • Obtain 50% or more of their annual revenue from selling the personal information of California residents.

The CCPA does not apply to nonprofit organizations, government agencies, or certain kinds of financial institutions.

Businesses under CCPA must prominently feature a "Do Not Sell My Personal Information" link on their homepage, enabling consumers to opt out of information sales. They are obligated to disclose collected personal data and its purposes upon request. Additionally, CCPA mandates businesses to implement reasonable security measures, preventing unauthorized access or misuse of personal information, and prohibits selling minors' data without their opt-in consent.

CCPA affords Californian consumers rights, such as knowing collected information, requesting data deletion, opting out of data sale, and protection against discrimination for privacy rights exercise. Covered businesses must provide accessible privacy notices, disclose information categories, and establish processes for consumer requests and data breaches.

Understanding Your Rights: What the CCPA Means for You

The CCPA empowers you with control over your personal information:

  • Know What's Collected: Businesses must disclose what personal data they collect and how it's used.
  • Request Deletion: You have the right to request that companies delete your personal information, with some exceptions.
  • Opt Out of Data Sales: Prevent businesses from selling your information to third parties.
  • Avoid Discrimination: Businesses cannot penalize you for exercising your CCPA rights, like charging extra for services. However, some functionalities may be limited, such as saving shipping details after a data deletion request.

‍Non-compliance With CCPA

Non-compliance results in significant penalties—up to $7,500 per intentional violation and $2,500 per unintentional one, enforceable by the California Attorney General. Consumers can seek damages of $100 to $750 per incident or actual damages for certain data breaches.

The law extends implications globally, affecting companies handling California residents' data. Compliance, regardless of location, requires mechanisms for consumer requests, privacy disclosures, and respecting opt-out preferences. Global companies may need to update policies, verify identities, and establish procedures for CCPA-related obligations.


In summary, CCPA provides significant privacy rights and protections for California consumers, imposing transparency and security obligations on businesses in their data practices. Compliance is crucial, not only for those within California but also for global entities dealing with California residents' data.

See All Glossary Items
Cloud Data Security

Recommended From Sentra