California Consumer Privacy Act (CCPA)

The CCPA is the California Consumer Privacy Act, a data privacy law introduced in 2018 and enacted in 2020. It protects some of Californians’ personal information and their rights to maintain some control over that information. The CCPA covers all California residents, which means that any businesses that are covered by the law and have customers in California must comply with it, even if the business is in another state or continent. All for-profit companies with gross revenue of $25 million are bound by the CCPA, as well as businesses with personal information on 50,000 customers.

CCPA requirements

The rights that the CCPA gives California residents are:

  • The right to know: businesses must provide information for customers explaining what data is collected and how that data is used, including which third parties received the data.
  • The right to delete: customers can request that certain information be deleted from a business’s database. They can also request that inaccurate information be deleted or corrected.
  • The right to opt out: every business website should have a clearly defined button for customers to select “Do Not Sell My Personal Information” if they don’t want that business to sell their information. Customers can also learn whether a business is selling their information by submitting a request for that information.
  • A notice at collection: consumers have a right to receive a notice when and why their information is collected. The notice at collection must also have a Do Not Sell link if the customer’s data will be sold to third parties so that the customer has the option of preventing the business from selling their information.

These regulations do have some exceptions, and only certain businesses are required to comply with them. For example, nonprofit organizations are not bound by CCPA, and neither are certain credit reporting agencies. California residents are also limited in the legal actions they can take when businesses don’t meet CCPA regulations. They may only sue in certain cases of data breach. The California attorney general can take action against a business that has run afoul of the law, but the California government website states that the attorney general does not directly represent residents or their complaints against businesses.

The CCPA – and businesses’ scramble to comply with its strictures – have highlighted the proliferation of personal data sales. While businesses rely on huge amounts of customer information to market products and manage customer relationships, privacy regulations remind consumers and businesses alike that using others’ data is a privilege, not a right. The California Privacy Rights Act (CPRA), part of the November 2020 ballot, would amend and strengthen the CCPA and give businesses around twelve to eighteen months to put it into place.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Nimble CRM

Nimble CRM is a social CRM (customer relationship management) with sales and marketing...

What is Insightly CRM?

Insightly CRM is customer relationship management (CRM) software that focuses on an intuitive,...

Indicators of Compromise

When a system administrator finds anomalous or malicious behavior within network...