United Capital Source Logo

What Is The California Consumer Privacy Act (CCPA)?: Guide

California Consumer Privacy Act - CCPA - Top Secret Stamp

Just as U.S companies were getting a hold of GDPR, California became the first U.S state to impose the CCPA. More than data privacy laws, GDPR and CCPA make use feel like taking a deep dive into a pool of acronyms.

Whether it’s the California consumer privacy act (CCPA), or European Union’s General Data Protection Regulation (GDPR), or the California privacy rights act (CPRA), compliance with these data privacy laws is a headache for a business. But it’s equally important because the promise of consumer privacy is what keeps customers coming back to a business.

From marketing professionals to financial institutions, companies have long relied on cookies for collecting consumer’s personal information.

However, with data privacy laws reeling right above your head, it’s going to be a challenging task for companies to send hyper-targeted advertisements.

This article will answer the following questions and guide you through every detail about the California Consumer Privacy Act. We’ll explore why it’s important and how companies can ensure compliance.

Join our Newsletter for great tips and updates.

    We will help you grow your small business.

    Read about the consumer provacy act and the california privacy rights act


    What is the California Consumer Privacy Act of 2020?

    The California Consumer Privacy Act or CCPA or AB 375 is a data privacy act passed by the California State Legislature and came into effect on January 1, 2020. The law’s primary objective is to provide enhanced consumer privacy and protection to California residents by imposing laws that guide businesses that use customers’ sensitive personal information.

    With the enforcement of CCPA, businesses collecting, sharing, and selling consumers’ personal information will now have to follow stringent rules and regulations.

    According to CCPA legislation, companies now have to provide more information to consumers on what companies do with their data. The law controls what personal information is being collected, why the business is collecting the information, and whether the company will share this information with other businesses.

    What is Personal Information Under the CCPA?

    While CCPA has become a headache for many businesses, it’s has come as a blessing in disguise for consumers who value their data privacy. Caring about consumer’s data is the main purpose of this California law.

    With technology penetrating every sector, consumers leave behind more data than they can imagine. With 64.2 ZettaByte (ZB) of data created or replicated in 2020 alone, it has become more important than ever for consumers to keep track of their sensitive data, which companies store and share.

    That’s precisely what CCPA tries to accomplish. According to this law, customer data is not just name and address; it includes the following categories of personal information:

    • Credit card information
    • Health insurance information
    • Unique personal identifier
    • Demographics
    • Electronic network activity information
    • Internet browsing history
    • Postal address
    • Driver’s license number
    • Biometric information
    • Geolocation data
    • Age
    • Commercial information
    • Income
    • Education information
    • IP address
    • Local government records
    • Other personally identifiable information

    This is particular consumer information that most people don’t realize companies collect, share and sell them. While this data works as a gold mine for marketers, but in the wrong hands, it could result in data breaches that put your business and the privacy of a California resident at risk.

    Pro-tip: Note that this is a non-exhaustive list, meaning that there are other pieces of information that the federal government may deem as personal information when consumers sue businesses for non-compliance.

    What are the Rights of California Consumers?

    CCPA offers specific rights to consumers regarding data privacy and personal information. CCPA establishes the following rights for California residents:

    1. Right to opt-out

    Consumers have the right to submit opt-out requests at any time and direct businesses that share and sell consumer data to stop this sale. Businesses have to wait for 12 months to ask consumers to provide opt-in consent again.

    Statutory damages are applicable but actual damages for violation are what the court deems proper


    2. Right to request deletion

    With this right, California residents can submit a deletion request of personal information collected from consumers.

    3. Right to notice

    One of the most fundamental rights under CCPA is the right to written notice. Businesses must inform consumers before collecting their sensitive personal information. As a business, you have to clearly explain the categories under which you collect customers’ personal information. Interestingly, if you collect a California resident’s personal information for a new purpose, you must send a notification again.

    4. Right to access

    Under this right, all California residents can request a business to disclose categories in which they collected personal data, the source of such data collection, the commercial purpose of collecting data, and categories of third parties with which you will share consumer data.

    5. Right to equal service and prices

    According to California Attorney General, CCPA prevents businesses from any discrimination. Businesses falling under CCPA cannot refuse goods or services, provide a different level of quality of goods or services purchased, or charge a higher or lower price based upon consumers’ access to their rights.

    Who is Subject to the California Consumer Privacy Act?

    To prevent a business’s failure and ensure a business values its consumer’s data privacy, California’s Attorney General included rules that include and exempt many companies from complying with CCPA. Your business is liable to a customer in case of a data breach if it fulfills one or more of the following statements:

    • A business has a gross annual revenue of $25 million or more.
    • A business derives more than half of its revenue from selling consumers’ personal information.
    • A business buys, receives, and sells consumer data from 50,000 or more consumers, devices or households.
    • Businesses that handle the personal information of more than 4 million consumers will have to face additional obligations.

    CCPA generally applies to for-profit businesses. However, CCPA applies to non-profit organizations only when:

    • A business makes $20 million every year, but more than 80% of revenue comes from selling consumer data to third parties.
    • A business that receives more than 51,000 website visitors and the business doesn’t sell any personal data.

    As the CCPA verbiage may be challenging to comprehend for people with a non-legal background, we’ve listed the key aspects of this data privacy law in the section below.

    Let’s explore what this law does!

    What Does the California Consumer Privacy Act Do?

    For a business that comes under the jurisdiction of CCPA, the law has various obligations for a business. According to the California Attorney General’s office, businesses that want to remain compliant with the law must:

    • Notify customers in advance about the personal data collected
    • Verify the identity of all consumers making an opt-out request or any other request under the act
    • Respond to consumers requests within a definitive and specified time-period
    • Make it easy and straightforward for consumers to exercise their rights
    • Allow consumers to opt-out and delete personal information from the company’s database
    • Disclose financial incentives received for data sharing and selling to third parties
    • Maintain records of all submitted requests for 24 months and how businesses responded to those requests

    How To Maintain Reasonable Security Procedures and Comply with CCPA:

    To implement reasonable security procedures and comply with this California law, you must focus on the following steps:

    1. Update your website

    First thing first, update the privacy policy by outlining what personal data your business collects and why you’re going to collect it and how you will process it. Ensure your website details how customers can submit requests and how you handle the consumer requests. At the bare minimum, provide a toll-free number for users to get in touch with you.

    2. Create a homepage privacy link

    Also, to ensure complete compliance and don’t forget to display the ‘Do not sell my personal information’ link somewhere on your website, where it’s visible. Link this page to an online form using which consumers can opt-out of having your personal information sold to data brokers and third parties.

    3. Store records of consent

    Ensure to maintain and record the consent of every California resident who has given your business permission to sell or use their personal information. It’s always a good idea to maintain and store records of the opt-out request made by customers.

    This step not only ensures that you can identify California residents’ personal information you can sell and the ones you cannot sell or reuse. By storing records of consent, you demonstrate to the Attorney General that your business follows CCPA compliance.

    4. Focus on the security of personal information

    As the privacy laws focus on the security of consumer’s personal information, it provides California’s Attorney General with the right to impose fines whenever a data breach occurs. From ensuring data encryption to identifying sensitive data, focusing on security could be a game-changer for your business and ensure you remain compliant with the law.

    5. Train employees

    Until you train employees on the key aspects of CCPA and what accounts for personal information, fostering a culture of compliance can be challenging. Training is essential for customer-facing roles. It’s important to train your employees to handle and deal with consumer requests regarding their personal information.

    What is the New California Data Privacy Law?

    California Privacy Rights Act or CPRA is the latest addition to the family of data privacy laws. Unlike CCPA, CPRA aligns closely with the GDPR. CPRA expands CCPA in many ways, including:

    • Doubles the CCPA threshold number of consumers from 50,000 to 100,000, thereby reducing the law’s applicability only to small and midsized businesses.
    • Expands the applicability to businesses that generate most of their annual revenue from sharing personal information of customers.
    • Imposes different requirements and restrictions on aggregate consumer information:
    • Opt-out requirements for disclosure and use
    • Opt-in consent standard for disclosure and use
    • Disclosure requirement

    Wrapping Up

    With governments giving due importance to data privacy laws, both CCPA and CPRA will have far-reaching consequences and impacts on businesses that fail to comply.

    Today with a data theft occurring every 39 seconds, it’s probably the right time for businesses to embrace CCPA and CPRA before hackers gain unauthorized access to customer’s information and put your business at the risk of closing.

    The need of the hour of businesses is ensuring compliance with data laws. In the coming years, more and more states are likely to pass their own set of rules and regulations to put consumers at the front seat of their personal information bandwagon.

    How are you ensuring compliance with CCPA? How has it helped your business protect the personal information of customers?

    We will help you grow your small business.

    Share this post:

    Written by

    Most Recent Articles

    Ready to grow your business? See how much you qualify for:

      Current monthly sales deposit average to your business bank account?

      How much Working Capital would you like for your business?

      Need Instant Help?
      Call Us Now At:

        Current monthly sales deposit average to your business bank account?

        How much Working Capital would you like for your business?

        At UCS, we understand the value of your time and want to ensure that your application has a great chance of approval. Please take note of the following details before applying:
        • To be eligible, it’s necessary to have a business bank account with a well-established U.S. bank such as Chase, Wells Fargo, Bank of America, Citibank, or other major banks. Unfortunately, online-based bank accounts like PayPal, Chime, CashApp, etc., are not permitted.
        • When describing your current average monthly sales deposits to your business bank account, please provide accurate information. Our approval process is based on your current business performance, and it’s essential to provide accurate details about your current sales in the first question on the application form. We cannot approve applications based on projected revenues after receiving funding.
        We appreciate your understanding and cooperation in ensuring a smooth and successful application process.
        1500+ 5 star reviews
        1500+ 5 star reviews

        Take a minute, Get a FREE Consultation

        Your Connection is
        securely encrypted

        $1.2+ Billion Matched to US Businesses