California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), effective since January 1, 2020, is a data privacy law enacted in California, aiming to bolster consumer privacy rights and empower residents to control their personal information. Applicable to businesses collecting and processing personal data of California residents, regardless of their location, certain criteria like revenue thresholds or interactions with California consumers determine coverage.

Businesses under CCPA must prominently feature a "Do Not Sell My Personal Information" link on their homepage, enabling consumers to opt out of information sales. They are obligated to disclose collected personal data and its purposes upon request. Additionally, CCPA mandates businesses to implement reasonable security measures, preventing unauthorized access or misuse of personal information, and prohibits selling minors' data without their opt-in consent.

CCPA affords Californian consumers rights, such as knowing collected information, requesting data deletion, opting out of data sale, and protection against discrimination for privacy rights exercise. Covered businesses must provide accessible privacy notices, disclose information categories, and establish processes for consumer requests and data breaches.

Non-compliance results in significant penalties—up to $7,500 per intentional violation and $2,500 per unintentional one, enforceable by the California Attorney General. Consumers can seek damages of $100 to $750 per incident or actual damages for certain data breaches.

The law extends implications globally, affecting companies handling California residents' data. Compliance, regardless of location, requires mechanisms for consumer requests, privacy disclosures, and respecting opt-out preferences. Global companies may need to update policies, verify identities, and establish procedures for CCPA-related obligations.

In summary, CCPA provides significant privacy rights and protections for California consumers, imposing transparency and security obligations on businesses in their data practices. Compliance is crucial, not only for those within California but also for global entities dealing with California residents' data.

See All Glossary Items
Cloud Data Security

Recommended From Sentra