What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act is a state statute passed in 2018. It gives California residents new data privacy rights and requires compliance obligations from any for-profit entity that does business with California residents. Enforcement of CCPA regulations went into effect on January 1, 2020.
New privacy rights for California residents include:
- The right to know about the personal information a business collects about them and how it is used and shared
- The right to delete personal information collected from them (with some exceptions)
- The right to opt out of the sale of their personal information
- The right to non-discrimination for exercising their CCPA rights
Public, non-profit entities are exempt from complying with the CCPA. Any business’s contractual provision that would otherwise waive a California resident’s data rights is unenforceable under the CCPA.
The CCPA protects personal information (PI) that identifies, relates to, or could reasonably be linked with a California resident or their household. Examples of CCPA-protected data include social security numbers, credit card numbers, and internet search history. Publicly available information is not protected under the CCPA.
.png)
.png)
Hear from CISOs at Calm, Perforce, Xactus, and Vanta for The CISO Playbook - a panel on how enterprise security leaders demonstrate value to boards, manage risk at scale, and align security programs with growth and executive expectations.
.png)
.svg)
.svg)
.png)
.png)
.png)