The CCPA Explained

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 2,224 reviews

Jump to Section

Need help with a Privacy Policy?

CREATE A FREE PROJECT POSTING
Post Project Now

What Is the CCPA?

The CCPA, more officially known as the California Consumer Privacy Act or AB 375, is a state-wide data privacy law in California. It is the first law of its kind in the U.S.

ContractsCounsel CCPA

Image via Unsplash by rupixen

The CCPA regulates how businesses worldwide can handle personal information, or PI, of California residents. Though the CCPA was passed by the California state legislature in 2018, it first came into effect on January 1, 2020. The law became enforceable on July 1, 2020.

Who Does the CCPA Affect?

The CCPA is similar to the General Data Protection Regulation, or GDPR, in the European Union. As with the GDPR, the CCPA deals with consumers' data privacy rights. The law forces many organizations to protect the privacy rights of their consumers.

The CCPA specifically covers consumers who are California residents. However, businesses around the world must comply with CCPA regulations if they have consumers from California. Businesses do not need to be based in California to fall under the law. Companies do not even need to have a physical presence in California or in the United States to fall under this law if they meet certain requirements.

Requirements for Businesses

Not all businesses must comply with the regulations in the CCPA. The CCPA applies if a company fits in one or more of the following categories:

  • The business buys, sells, or receives personal information of 50,000 or more devices, consumers, or households.
  • The business derives half or more of its revenue from selling personal information of consumers.
  • The business has a gross annual revenue that exceeds $25 million.

Under the CCPA, businesses that handle personal information for more than four million consumers have additional obligations as well.

Exemptions










Volume 0%























A later amendment exempts insurance institutions, agents, and organizations that already fall under similar regulation of the Insurance Information and Privacy Protection Act, or IIPPA, in California.

Additionally, the following businesses are exempt from the CCPA as they are covered under federal data security laws already:

Protections for Consumers

The CCPA allows any California consumer to:

  • Demand to see all information a company has saved about them.
  • Demand to see a full list of all third parties a company shares their data with.
  • Sue companies in cases when privacy guidelines are violated, and consumers can sue companies even if no breach occurs.

California residents, or consumers, have the right to:

  • Opt out of having data sold to third parties.
  • Request disclosure of data that has already been collected.
  • Request that data collected be deleted.
  • Be notified and receive equal prices and services — companies cannot discriminate against consumers based on a consumer's choice to exercise these rights.

What Happens When a Company Is Not in Compliance With the CCPA?

Once regulators notify a business of a violation, the company has 30 days to comply with the law. If the issue is not resolved in that time, businesses are subject to a fine per record.

Fines may be between $100 and $750 per consumer per alleged violation, or the actual damages — whichever amount is greater.

Consumers also have the right to sue businesses if they believe their privacy rights were violated. The CCPA allows for class action lawsuits as well.

Data the CCPA Covers

The CCPA covers personal information. Examples of what the law considers personal information includes:

  • Biometric information.
  • Geolocation data.
  • Characteristics of protected classifications under federal or California law.
  • Identifiers, including:
    • Driver's license number
    • Social Security number
    • Passport number
    • Account name
    • Postal address
    • Email address
    • Online identifier IP address
    • Real name
    • Alias
  • Commercial information, including:
    • Products purchased, obtained, or considered
    • Services purchased, obtained, or considered
    • Records of personal property
  • Purchasing/consuming histories/tendencies.
  • Internet/electronic network activity such as:
    • Browsing history
    • Search history
    • Information about the consumer's interaction with applications, advertisements, or websites
  • Education information, as defined in the Family Education Rights and Privacy Act (FERPA) as not publicly available PII, or personally identifiable information.
  • Audio, electronic, olfactory, thermal, visual, or similar information.

The CCPA also covers inferences drawn from the above information to create a consumer profile reflecting things such as a consumer's:

  • Abilities
  • Aptitudes
  • Attitudes
  • Behavior
  • Characteristics
  • Intelligence
  • Predispositions
  • Preferences
  • Psychological trends

Key Provisions of the CCPA

The CCPA stipulates that companies covered by the law must allow consumers to choose not to have data shared with third parties. In practical terms, that means companies now must be able to separate data they collect following their users' privacy choices.

Companies are not required to report breaches under this law. Additionally, before fines are possible, a consumer must file a complaint.

Enforcement of the CCPA

In addition to granting Californians the right to sue businesses that do not take reasonable precautions to prevent data breaches, the CCPA can be enforced. The Office of the Attorney General of California has the power to enforce the CCPA. However, the state has limited enforcement capabilities, as there are not enough resources to ensure that all companies comply with the law at the same time that they manage non-compliance cases.

What Must a Business Do to Be In Compliance With the CCPA?

If your business falls under the CCPA, you are required to:

  • Allow consumers to deal with their personal data in the business's storage in the following ways:
    • Choosing to opt-out
    • Choosing to read the data
    • Choosing to delete the data
  • Disclose financial incentives for your business to sell or retain a consumer's personal data as well as how you value the data.
  • Respond to requests from consumers within specific timeframes.
  • Verify the identity of any consumer who requests to read/delete their information; this is the case even if the consumer has a password-protected account.
  • Keep records of access requests and how your business responded for 24 months.

You must ensure that your company's website:

  • Includes a "Do Not Sell My Personal Information" link so that users may opt out of third-party data sales.
  • Informs users about categories of personal information collected (and for what purposes) at or before the point of data collection.
  • Obtains opt-in/consent before selling or disclosing personal information of minors under the age of 16; parents or legal guardians must opt in for minors under 13.
  • Updates its privacy policy to include:
    • A description of consumer's rights
    • An explanation of how to exercise rights
    • A list, updated annually, of personal information categories the company collects/sells/discloses
  • Shows consumer privacy settings that signal the choice to opt out.

If your company gets a verifiable request from a consumer requesting disclosure of personal information your business has collected, you must provide records of personal information that have been collected in the past 12 months. You must do this free of charge. These records include:

  • Categories of third parties that have received the records
  • Commercial purposes
  • Sources

Your company must not discriminate based on a consumer's decision to exercise the right to:

  • Opt out
  • Request disclosure
  • Request deletion

The CCPA laws are now in effect, and will change the way businesses deal with data across the country. As almost all bigger businesses have some customers based in California, the CCPA has tremendous implications for data privacy laws. For more help with privacy policies and contracts, contact us .

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

View Alex
Member Since:
August 26, 2021

Alex M.

Attorney
Free Consultation
Get Free Proposal
Los Angeles, California
11 Yrs Experience
Licensed in CA
Southwestern Law School

Mr. Mehdipour attended the University of California San Diego where he received his degree in political science. After graduating from UCSD, Mr. Mehdipour attended Southwestern University School of Law where he received his JD. Upon passing the bar, Mr. Mehdipour gained invaluable experience both in a law firm and business setting. Mr. Mehdipour uses his prior business and legal experiences to negotiate the most advantageous results for his clients.

View Alen
Member Since:
August 26, 2021

Alen A.

Attorney
Free Consultation
Get Free Proposal
Los Angeles, CA
15 Yrs Experience
Licensed in CA
University of West Los Angeles

Alen Aydinian is a versatile attorney with over a decade of experience working with business owners and real estate professionals. Client engagement is central to a successful attorney/client relationship. Alen personally manages all client relationships so that his clients can see how their interests are being served at every stage of the process.

View Nicholas
Member Since:
August 28, 2021

Nicholas A.

Founder, Victrix Legal LLC
Free Consultation
Get Free Proposal
Buffalo, NY
1 Yr Experience
Licensed in NY
Liberty University School of Law

I help small business owners build and protect their dreams. I always thought that I would just be a litigator. Then I joined an intellectual property clinic in law school. We were helping nonprofits and small businesses reach their goals. I fell in love with the work and decided to open my own firm so I could keep helping them. When I decided to start Victrix Legal, I decided that it would be a modern law firm designed to serve professionals. It would be different from every other law firm. In my experience, my law firms are designed to promote inefficiency and reactionary lawyering. Because in most firms, you make more money when you spend more time on a project. And you lose money if your client doesn't get sued. In my opinion, that's a built-in conflict of interest. My firm is different. I use flat fees for most basic projects to keep costs predictable for you and incentivize efficiency. I offer long-term advisory plans and legal audits to prevent issues from happening. I want my clients to see me as their business partner, not just the guy they call when they are in trouble. If any of that interests you, please reach out to me. I offer free consultations. Let's set aside some time and talk about what your legal needs are.

View Gerald
Member Since:
August 28, 2021

Gerald W.

Attorney
Free Consultation
Get Free Proposal
Round Rock, Texas
8 Yrs Experience
Licensed in IL, TX
Valparaiso University School of Law

My clients know me as more than just an attorney. First and foremost, my background is much broader than that. Prior to attending the Valparaiso University School of Law, I earned a Master of Business Administration and ran a small business as a certified public accountant. Thanks to this experience, I possess unique insight which in turn allows me to better assist my clients with a wide range of business and tax matters today. In total, I have over 20 years of experience in financial management, tax law, and business consulting, and I’m proud to say that I’m utilizing the knowledge I’ve gained to assist the community of Round Rock in a variety of ways. In my current practice, I provide counsel to small to medium-sized businesses, nonprofit organizations, and everyday individuals. Though my primary areas of practice are estate planning, elder law, business consulting, and tax planning, I pride myself on assisting my clients in a comprehensive manner. Whenever I take on a new client, I make an effort to get to know them on a personal level. This, of course, begins with listening. It is important that I fully understand their vision so I can help them successfully translate it into a concrete plan of action that meets their goals and expectations. I appreciate the individual attributes of each client and know firsthand that thoughtful, creative, and customized planning can maximize both financial security and personal happiness. During my time as a certified public accountant, I cultivated an invaluable skill set. After all, while my legal education has given me a deep understanding of tax law, I would not be the tax attorney I am today without my background in accounting. Due to my far-reaching experience, I am competent in unraveling even the most complex tax mysteries and disputes. My CPA training benefits my estate planning practice, too. In the process of drafting comprehensive wills and trusts, I carefully account for every asset and plan for any tax burdens that may arise, often facilitating a much smoother inheritance for the heirs of my clients. Prior to becoming certified as a CPA, I made sure to establish a solid foundation in business both in and out of the classroom, and the acumen I’ve attained has served me well. Not only am I better able to run my own practice than I otherwise would be; I am able to help other small business owners fulfill their dreams, as well.

View Garrett
Member Since:
August 29, 2021

Garrett M.

Associate
Free Consultation
Get Free Proposal
Dexter, MO
6 Yrs Experience
Licensed in TX
University of Texas

Hello! I am a young attorney with four years' experience in real estate transactions, fund formation, and general corporate transactional work. I graduated in 2016 from the University of Texas - Austin and I am barred in Texas.

View Billy Joe
Member Since:
October 25, 2021

Billy Joe M.

Partner Attorney
Free Consultation
Get Free Proposal
Chicago, IL
13 Yrs Experience
Licensed in IL
University of Illinois at Urbana-Champaign

I graduated from the University of Illinois at Urbana-Champaign in 2006 with a degree in Political Science, Finance, and Economics. I stayed around Champaign for law school and graduated in 2009. I then worked at a big law firm in downtown Chicago. It was boring, so I quit in early 2011. I thought that I could not be happy practicing law - I was wrong. After I quit the traditional law firm life, I began representing my own clients. I realize now that I love helping normal people, small business owners, and non-profits address a variety of legal issues. I hope to hear from you.

View James David
Member Since:
September 3, 2021

James David W.

Partner
Free Consultation
Get Free Proposal
Raleigh, NC
6 Yrs Experience
Licensed in DC, NC
Harvard Law School

I graduated from Harvard Law School and worked first for a federal judge and then a leading DC firm before starting a firm with a law school classmate. My practice focuses on company formations, early-stage investments, and mergers & acquisitions.

View Anna
Member Since:
November 11, 2021

Anna K.

Manager
Free Consultation
Get Free Proposal
Miami, Florida
24 Yrs Experience
Licensed in FL
University of Miami

Anna is an experienced attorney, with over twenty years of experience. With no geographical boundaries confining her practice, Anna works on corporate, healthcare and real estate transactions. Anna brings extensive big firm experience, garnered as an associate in the Miami office of the world's largest law firm, Baker and McKenzie, and the Miami office of the international law firm Kilpatrick Townsend. Her areas of expertise include: mergers and acquisitions, initial public offerings, private placements, healthcare transactions, corporate finance, commercial real estate transaction and acting as a general corporate counsel. Anna is certified to practice law in Florida and was admitted to the Florida Bar in 1998. Anna is also a Certified Public Accountant. She passed May 1995 CPA Exam on the first sitting. She is fluent in Russian (native).

View Phocus
Member Since:
September 16, 2021

Phocus L.

Attorney
Free Consultation
Get Free Proposal
Phoenix, AZ, USA
11 Yrs Experience
Licensed in AZ, CA
Georgetown University Law Center

G'day, my name is Michele! I work with startups, entrepreneurs and small/medium-sized businesses across the country in a wide array of industries. I help them with all of their ongoing, daily legal needs. This includes entity formation, M&A, contract drafting and review, employment, asset sale & acquisition, and business sales or shareholder exits. I'm half-Australian, half-Italian, and I've lived the last 20+ years of my life in America. I've lived all over the USA, completing high school in the deep south, graduating cum laude from Washington University in St. Louis, and then cum laude from Georgetown University Law Center. After law school I worked for the Los Angeles office of Latham & Watkins, LLP. After four intense and rewarding years there, I left to become General Counsel and VP of an incredible, industry-changing start-up called Urban Mining Company (UMC) that manufactures rare earth permanent magnets. I now work for Phocus Law where I help run our practice focused on entrepreneurs, startups, and SMEs. I love what I do, and I'd love to be of help! My focus is on providing stress-free, enjoyable, and high-quality legal service to all of my clients. Being a good lawyer isn't enough: the client experience should also be great. But work isn't everything, and I love my free time. I've been an avid traveler since my parents put me on a plane to Italy at 9-months old. I'm also a music nut, and am still looking for that perfect client that will engage me to explain why Dark Side Of The Moon is the greatest album of all time. Having grown up in a remote, and gorgeous corner of Australia, I feel a strong connection to nature, and love being in the elements.

View Gregory
Member Since:
September 16, 2021

Gregory C.

Partner
Free Consultation
Get Free Proposal
Denver, CO
9 Yrs Experience
Licensed in CO, MA
Boston University School of Law

Attorney Greg Corbin is the founder and principal of Signal Law in Denver, Colorado. A top-rated trial and transactional lawyer with more than seven years of total legal experience, Mr. Corbin provides exceptional counsel and support to clients across the greater Denver metro and surrounding areas who have legal needs involving any of the following: business and corporate law; contracts and agreements; incorporations, partnerships and other entity formation and dissolution services; and ongoing business counsel for emerging and expanding commercial enterprises. Utilizing the latest in cost-saving technologies and advanced automation, Mr. Corbin has established his practice as a modern law firm ready for the future, and he strives to provide the highest level of representation to his clients and help them achieve their goals and the favorable outcomes they seek as efficiently and cost-effectively as possible. He has gained a reputation for his innovative solutions as well as his transparent pricing structure and responsiveness when dealing with his clients. In recognition of his outstanding professionalism and service, Mr. Corbin has earned consistent top rankings and endorsements from his peers as being among the top lawyers in his region for business law and transactions. A 2008 graduate of Kansas State University, Mr. Corbin obtained his Juris Doctor from Boston University School of Law in 2013. The Massachusetts Bar Association admitted him to practice that same year, and the Colorado State Bar Association admitted him in 2015. Mr. Corbin is an active member of the Denver Bar Association and the Colorado State Bar Association, among his other professional affiliations, and he supports his local community through his involvement with Project Worthmore and Biking for Baseball, where he serves on the boards of directors.

View Serge
Member Since:
September 22, 2021

Serge Y.

General Counsel
Free Consultation
Get Free Proposal
NYC
10 Yrs Experience
Licensed in NY
Fordham University School of Law

Startup Lawyer that caters to the entrepreneurial spirit. Focusing on building long term relationships and working with emerging startups throughout their entire life cycle. From concept to IPO, I'll will help guide you along the way. Years of high level experience drafting, negotiating, and reviewing all types of transactional contracts, e.g., operating agreements, charters, bylaws, NDAs, Terms of Service, Master Service Agreements, etc. You name it; it's crossed my desk. Have a depth of experience working with the USPTO to file trademarks, copyrights, and patents. If you're in the startup space and need a helping hand, I'm your guy.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call