Prepare for California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) gives California consumers control over their personal information and data privacy rights: the right to know what personal information businesses collect about them, to have it deleted, and to opt out of its sale.

Definition of CCPA

CCPA is a state-wide data privacy law that regulates how businesses may handle the personal data of California residents. It came into effect on January 1, 2020, and is the first law of its kind in the United States.

Who is covered under CCPA?

Any for-profit entity that does business in California and collects, sells, or shares consumer data, and that:

- has annual gross revenue exceeding $25 million, or
- possesses the personal information of 50,000 or more consumers, or
- earns more than half of its annual revenue from selling consumers' personal information.

How does the regulation work?

Under the regulation, Californians can sue companies that fail to prevent data breaches or fail to protect personal data from misuse. Californians can also opt out of having their data shared with companies.

CCPA requirements

To comply with CCPA, a business has to:

- Identify and classify data assets
- Find out where CCPA personal information is located and stored
- Determine which data is risky and check its access permissions
- Locate personal data that is stale
- Adjust permissions as required
- Deploy role-based access controls
- Delete stale personal data
- Monitor personal data against threats
- Review data permissions continually
- Adjust protocols against cyber threats
- Organize relevant data

Consequences and Penalties for violations

There are two types of penalties for violations:

- Civil penalties
- Private right of action

Civil penalties

Civil penalties for a CCPA violation are:

- $2,500 per non-intentional violation
- $7,500 per intentional violation

A business that cures its noncompliance within 30 days of being notified does not have to pay these penalties. However, some kinds of noncompliance cannot be cured.

Private Right of Action

- $100 to $750 per consumer per incident, or actual damages, whichever is greater
- Any other relief the court deems proper
- Declaratory or injunctive relief

Benefits and drawbacks of CCPA

Benefits

- Greater transparency from companies
- Customers have the right to know about all data collected about them and can request this data for free twice per year
- Customers have the right to opt out of having their data sold
- Customers can request that their data be deleted, can sue companies if their data is stolen, and are better protected against identity theft
- Businesses gain the competitive advantage that compliance brings

Drawbacks

- Regulatory compliance with CCPA means businesses must do more work to ensure compliance
- CCPA can be costly for businesses
- Customers can ask a business either to delete their data completely or to keep all of it; this all-or-nothing choice is not always what the customer actually wants

Best Practices for Complying with the CCPA

The best practices for CCPA compliance are:

- Create an internal privacy framework that lays out how you will comply with CCPA
- Do more with less data by minimizing the data you collect, store, use, and transmit
- Automate compliance with tools for data mapping, data protection, and consent management
- Be specific about your internal and external privacy posture

Additional Resources for Further Investigation

Refer to the original CCPA text for additional details about the regulation.

Conforming to CCPA standards does not have to be a hassle. Databrackets is here to help. Our experts and consultants can provide a cost-effective CCPA readiness assessment, so you can focus on profitability rather than spending your time learning the ins and outs of CCPA. Schedule a consultation with us today!
