CCPA is the California Legislation that is Defining US Privacy
The California Consumer Privacy Act (CCPA) was the first comprehensive US state privacy legislation and was passed in June of 2018, becoming effective January 1, 2020. The Act gives California citizens more control of their personal information and requires organizations to better safeguard information from unauthorized use and access.
The legislation provides citizens the right to know what data companies collect on them, the right to tell companies not to share or sell their personal data and provides sanctions and remedies against organizations that fail to safeguard and use California citizen personal information properly.
What are the specific rights granted under CCPA?
- Citizens can request two times a year what information is being collected on them.
- Say no to the sale of personal information.
- The right to sue companies if they do not protect information reasonably (example, the company did not encrypt a citizens personal data).
- The right to have information deleted.
- The right to non-discrimination against citizens who request that their information not be sold.
- The right to be informed of what information will be collected before the collection occurs.
- Sale of children’s information requires a mandatory opt-in.
- Right to know what data is shared with 3rd parties.
- Right to know where additional data was acquired.
- Right to know the purpose for collecting personal data.
How will the CCPA be enforced?
The CCPA has two enforcement provisions. First, the California AG can bring action against companies for violations. Second, consumers can initiate private action in the case of a data breach. CCPA provides guidelines for statutory damages or the consumer may try to prove actual damages.
Here are additional resources to learn more about CCPA:
- Californians for Consumer Privacy, About the Law
- State of California Attorney General, California Consumer Privacy Act (CCPA)
You just learned about CCPA, now explore related terms like GDPR,, HIPAA, COPPA and Privacy Shield.