What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act is a state statute passed in 2018. It gives California residents new data privacy rights and requires compliance obligations from any for-profit entity that does business with California residents. Enforcement of CCPA regulations went into effect on January 1, 2020.
New privacy rights for California residents include:
- The right to know about the personal information a business collects about them and how it is used and shared
- The right to delete personal information collected from them (with some exceptions)
- The right to opt out of the sale of their personal information
- The right to non-discrimination for exercising their CCPA rights
Public, non-profit entities are exempt from complying with the CCPA. Any business’s contractual provision that would otherwise waive a California resident’s data rights is unenforceable under the CCPA.
The CCPA protects personal information (PI) that identifies, relates to, or could reasonably be linked with a California resident or their household. Examples of CCPA-protected data include social security numbers, credit card numbers, and internet search history. Publicly available information is not protected under the CCPA.
Join our Coffee and Compliance session, where our experts, Ethan Heller, GRC, Subject Matter Expert at Vanta, and Brad Dispensa,WWPS Specialist SA at Amazon Web Services (AWS) cover some of the challenges of SOC 2 compliance and show how Vanta and AWS work together to simplify and accelerate SOC 2 compliance.