California Consumer Privacy Act (CCPA)

What is CCPA?

The California Consumer Privacy Act (CCPA) is data privacy regulation commonly referred to as the American version of Europe's General Data Privacy Regulation. It protects the personal data of California residents, affording them the ability to know how their data is collected, how it's used, who has access to it, request its deletion, and more.

Which businesses must comply with CCPA?

Regardless of location, businesses must comply with CCPA if they collect, use, disclose, or receive personal information of a California resident and they meet one or more of the following criteria:

• Have annual adjusted gross revenues over $25 million, or

• Buy, receive, sell, or share personal information of at least 50,000 consumers, households, or devices (Note: This threshold can be exceeded inadvertently, because most companies operate websites and inevitably capture IP addresses, which are personal information), or

• Derive 50 percent or more of their revenues from selling consumers’ personal information.

When did CCPA become law?

The law was signed on June 28, 2018 after being introduced to the California State Legislature just months earlier in January 2018. Companies became responsible for abiding by the law as of January 1, 2020, including a 12-month lookback period. Amendments to CCPA have been passed, five of which were integrated in 2019. Another large amendment to the law is on California's November 2020 ballot.