What is the CCPA?
The California Consumer Privacy Act (CCPA) is the comprehensive consumer data privacy law in California. CCPA went into effect in 2018 and the law was later amended by the California Privacy Rights Act (CPRA) in 2020.
Check the criteria below to see if CCPA as amended by CPRA applies to your business. If your business is subject to California's privacy law, you can follow the steps in this guide to comply.
The CCPA applies to businesses dealing with the personal information of Californian residents which meets one of the three following criteria:
- One: Businesses that share the personal information of at least 100,000 consumers or households will be subject to the CCPA.
- Two: Businesses that make $25 million in gross revenue by January 1 of the preceding year are subject to compliance with the CCPA.
- Three: Businesses that receive 50% or more of their gross revenues from sharing or selling personal information are also subject to the CCPA.
CCPA went into effect January 1, 2020.
The California Privacy Rights Act (CPRA) is California’s state legislation to protect the privacy rights of California residents. The CPRA went into effect on January 1, 2023 and mandates all businesses to audit their data collection, storage, processing, and sharing mechanisms to ensure they are in compliance with the law.
The CPRA builds on an earlier piece of legislation known as the California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020. With the introduction of the CPRA, California will be the first US State to introduce a dedicated data protection authority, similar to those more commonly found in Europe: the California Privacy Protection Agency (CPPA).
Businesses have until January 1, 2023, to comply with this new regulation.
The CPPA (California Privacy Protection Agency) will only begin enforcement from July 1, 2023. However note these can be applied retrospectively to January 1, 2023.