California Consumer Privacy Act (CCPA)

The CCPA is the California Consumer Privacy Act, a data privacy law introduced in 2018 and enacted in 2020. It protects some of Californians’ personal information and their rights to maintain some control over that information. The CCPA covers all California residents, which means that any businesses that are covered by the law and have customers in California must comply with it, even if the business is in another state or continent. All for-profit companies with gross revenue of $25 million are bound by the CCPA, as well as businesses with personal information on 50,000 customers.

CCPA requirements

The rights that the CCPA gives California residents are:

  • The right to know: businesses must provide information for customers explaining what data is collected and how that data is used, including which third parties received the data.
  • The right to delete: customers can request that certain information be deleted from a business’s database. They can also request that inaccurate information be deleted or corrected.
  • The right to opt out: every business website should have a clearly defined button for customers to select “Do Not Sell My Personal Information” if they don’t want that business to sell their information. Customers can also learn whether a business is selling their information by submitting a request for that information.
  • A notice at collection: consumers have a right to receive a notice when and why their information is collected. The notice at collection must also have a Do Not Sell link if the customer’s data will be sold to third parties so that the customer has the option of preventing the business from selling their information.

These regulations do have some exceptions, and only certain businesses are required to comply with them. For example, nonprofit organizations are not bound by CCPA, and neither are certain credit reporting agencies. California residents are also limited in the legal actions they can take when businesses don’t meet CCPA regulations. They may only sue in certain cases of data breach. The California attorney general can take action against a business that has run afoul of the law, but the California government website states that the attorney general does not directly represent residents or their complaints against businesses.

The CCPA – and businesses’ scramble to comply with its strictures – have highlighted the proliferation of personal data sales. While businesses rely on huge amounts of customer information to market products and manage customer relationships, privacy regulations remind consumers and businesses alike that using others’ data is a privilege, not a right. The California Privacy Rights Act (CPRA), part of the November 2020 ballot, would amend and strengthen the CCPA and give businesses around twelve to eighteen months to put it into place.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Complete List of Cybersecurity Acronyms

Cybersecurity news and best practices are full of acronyms and abbreviations. Without understanding what each one means, it's difficult to comprehend the significance of...

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...


An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...