Beginner’s Guide to CCPA Compliance | CompliancePoint

Beginner’s Guide to CCPA Compliance | CompliancePoint

November 13, 2021 Off By administrator

Overview of the California Consumer Privacy Act (CCPA)

The CCPA is currently the most comprehensive personal data protection law in the United States. CCPA compliance requires adherence to certain consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. The effective date of this law was January 1st, 2020, and the California Attorney General began enforcement action under the CCPA on July 1st, 2020.

Below is an overview of who and what is subject to the CCPA’s jurisdiction (scope) and the details of what CCPA compliance requires of companies that are subject to CCPA provisions, which include:

  • Honoring consumer privacy rights;
  • Providing appropriate notices and disclosures to consumers;
  • Maintaining a reasonable level of security of personal information;
  • Contract obligations with service providers;
  • Notification of data breaches;
  • Workforce training; and
  • Retaining specific records.

“These giant corporations know absolutely everything about you, and you have no rights. I thought, oh, I’d like to find out about what these companies know about me. Then I thought, well, someone should do something about that. Maybe I’m someone.”

-Alastair Mactaggart

The CCPA started out as a ballot initiative in early 2018 and was signed into law in June of 2018. The ballot initiative was led by Alastair Mactaggart, who focused the initiative on three main principles: transparency, control, and accountability. Mactaggart was initially concerned that, in a world where most people have no option but to have a phone or computer, how can they maintain control over their personal data to ensure it stays personal?

The ballot initiative was so popular with the public that lawmakers feared the initiative would become effective immediately without going through the usual legislative process. To prevent this, legislators and Mactaggart agreed that the ballot initiative would be withdrawn if the Governor signed the CCPA by June 29th. The CCPA was agreed to be based on the original ballot’s three principles of transparency, control, and accountability.

While the CCPA dominates the privacy space for now, the California Privacy Rights Act (CPRA), (passed in November 2020) as well as data privacy legislation in Colorado (CPA) and Virginia (VCDPA) go into effect in 2023. Further, states continue to propose data privacy legislation and 2022 looks to be just as busy as 2021 as far as new legislation is concerned.


The CCPA also applies to businesses that control or are controlled by an entity that meets or exceeds one of the criteria below and shares common branding:

  • The CCPA applies to any for-profit business, regardless of its location, that collects the personal information of California residents and meets one or more of the following thresholds;
  • The business’s annual gross revenue is over $25 million; OR
  • The business annually buys, receives, sells, or shares the…

(Excerpt) To read the full article , click here
Image credit: source