What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act is a state statute passed in 2018. It gives California residents new data privacy rights and requires compliance obligations from any for-profit entity that does business with California residents. Enforcement of CCPA regulations went into effect on January 1, 2020.
New privacy rights for California residents include:
- The right to know about the personal information a business collects about them and how it is used and shared
- The right to delete personal information collected from them (with some exceptions)
- The right to opt out of the sale of their personal information
- The right to non-discrimination for exercising their CCPA rights
Public, non-profit entities are exempt from complying with the CCPA. Any business’s contractual provision that would otherwise waive a California resident’s data rights is unenforceable under the CCPA.
The CCPA protects personal information (PI) that identifies, relates to, or could reasonably be linked with a California resident or their household. Examples of CCPA-protected data include social security numbers, credit card numbers, and internet search history. Publicly available information is not protected under the CCPA.
Join CISOs from Calm, Perforce, Xactus, and Vanta for The CISO Playbook, a live panel on how enterprise security leaders demonstrate value to boards, manage risk at scale, and align security programs with growth and executive expectations.
.png)
Join CISOs from Calm, Perforce, Xactus, and Vanta for The CISO Playbook, a live panel on how enterprise security leaders demonstrate value to boards, manage risk at scale, and align security programs with growth and executive expectations.
.png)
Join our demo to learn how Vanta can help you accelerate compliance with deep automation and agentic workflows that handle evidence, policies, and remediation for you across frameworks like SOC 2, ISO 27001, HIPAA, and more.
.png)
.png)
.png)
.png)
.svg)
.svg)
.png)
.png)
.png)