California Consumer Privacy Act (CCPA)

The CCPA is the California Consumer Privacy Act, a data privacy law introduced in 2018 and enacted in 2020. It protects some of Californians’ personal information and their rights to maintain some control over that information. The CCPA covers all California residents, which means that any businesses that are covered by the law and have customers in California must comply with it, even if the business is in another state or continent. All for-profit companies with gross revenue of $25 million are bound by the CCPA, as well as businesses with personal information on 50,000 customers.

CCPA requirements

The rights that the CCPA gives California residents are:

  • The right to know: businesses must provide information for customers explaining what data is collected and how that data is used, including which third parties received the data.
  • The right to delete: customers can request that certain information be deleted from a business’s database. They can also request that inaccurate information be deleted or corrected.
  • The right to opt out: every business website should have a clearly defined button for customers to select “Do Not Sell My Personal Information” if they don’t want that business to sell their information. Customers can also learn whether a business is selling their information by submitting a request for that information.
  • A notice at collection: consumers have a right to receive a notice when and why their information is collected. The notice at collection must also have a Do Not Sell link if the customer’s data will be sold to third parties so that the customer has the option of preventing the business from selling their information.

These regulations do have some exceptions, and only certain businesses are required to comply with them. For example, nonprofit organizations are not bound by CCPA, and neither are certain credit reporting agencies. California residents are also limited in the legal actions they can take when businesses don’t meet CCPA regulations. They may only sue in certain cases of data breach. The California attorney general can take action against a business that has run afoul of the law, but the California government website states that the attorney general does not directly represent residents or their complaints against businesses.

The CCPA – and businesses’ scramble to comply with its strictures – have highlighted the proliferation of personal data sales. While businesses rely on huge amounts of customer information to market products and manage customer relationships, privacy regulations remind consumers and businesses alike that using others’ data is a privilege, not a right. The California Privacy Rights Act (CPRA), part of the November 2020 ballot, would amend and strengthen the CCPA and give businesses around twelve to eighteen months to put it into place.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...


(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...