The California Consumer Privacy Act (CCPA) is a state-level privacy law that came into effect on January 1, 2020. It grants California residents specific rights over their personal information and imposes obligations on certain businesses that collect, use, or share that data. It aims to enhance transparency and give consumers more control over how their data is handled.

Consumer Rights Under CCPA

The CCPA provides several important rights, including the right to know what personal information is collected, the right to request deletion of personal data, and the right to opt out of the sale of personal information. Businesses must also provide a “Do Not Sell My Personal Information” link on their websites and cannot discriminate against consumers for exercising their privacy rights.

Business Compliance Requirements

CCPA applies to businesses that meet specific thresholds (e.g., $25 million in annual revenue, or data of 100,000+ consumers). These businesses must update privacy policies, disclose data practices, implement mechanisms for consumer requests, and train staff on compliance procedures. Enforcement is handled by the California Attorney General, with potential fines for non-compliance. Additionally, the CPRA (California Privacy Rights Act), which builds on CCPA, expands obligations further—introducing new rights and a dedicated enforcement agency.

CCPA is a critical step in the growing trend of U.S. data privacy regulation. Even companies outside California should prepare, as similar laws emerge in other states.