Home Blog The CCPA Explained

Jump to Section

Quick Facts — Privacy Policy Lawyers

What Is the CCPA?

The CCPA, more officially known as the California Consumer Privacy Act or AB 375, is a state-wide data privacy law in California. It is the first law of its kind in the U.S.

ContractsCounsel CCPA

Image via Unsplash by rupixen

The CCPA regulates how businesses worldwide can handle personal information, or PI, of California residents. Though the CCPA was passed by the California state legislature in 2018, it first came into effect on January 1, 2020. The law became enforceable on July 1, 2020.

Who Does the CCPA Affect?

The CCPA is similar to the General Data Protection Regulation, or GDPR, in the European Union. As with the GDPR, the CCPA deals with consumers' data privacy rights. The law forces many organizations to protect the privacy rights of their consumers.

The CCPA specifically covers consumers who are California residents. However, businesses around the world must comply with CCPA regulations if they have consumers from California. Businesses do not need to be based in California to fall under the law. Companies do not even need to have a physical presence in California or in the United States to fall under this law if they meet certain requirements.

Requirements for Businesses

Not all businesses must comply with the regulations in the CCPA. The CCPA applies if a company fits in one or more of the following categories:

  • The business buys, sells, or receives personal information of 50,000 or more devices, consumers, or households.
  • The business derives half or more of its revenue from selling personal information of consumers.
  • The business has a gross annual revenue that exceeds $25 million.

Under the CCPA, businesses that handle personal information for more than four million consumers have additional obligations as well.

Exemptions










Volume 0%























A later amendment exempts insurance institutions, agents, and organizations that already fall under similar regulation of the Insurance Information and Privacy Protection Act, or IIPPA, in California.

Additionally, the following businesses are exempt from the CCPA as they are covered under federal data security laws already:

Protections for Consumers

The CCPA allows any California consumer to:

  • Demand to see all information a company has saved about them.
  • Demand to see a full list of all third parties a company shares their data with.
  • Sue companies in cases when privacy guidelines are violated, and consumers can sue companies even if no breach occurs.

California residents, or consumers, have the right to:

  • Opt out of having data sold to third parties.
  • Request disclosure of data that has already been collected.
  • Request that data collected be deleted.
  • Be notified and receive equal prices and services — companies cannot discriminate against consumers based on a consumer's choice to exercise these rights.

What Happens When a Company Is Not in Compliance With the CCPA?

Once regulators notify a business of a violation, the company has 30 days to comply with the law. If the issue is not resolved in that time, businesses are subject to a fine per record.

Fines may be between $100 and $750 per consumer per alleged violation, or the actual damages — whichever amount is greater.

Consumers also have the right to sue businesses if they believe their privacy rights were violated. The CCPA allows for class action lawsuits as well.

Data the CCPA Covers

The CCPA covers personal information. Examples of what the law considers personal information includes:

  • Biometric information.
  • Geolocation data.
  • Characteristics of protected classifications under federal or California law.
  • Identifiers, including:
    • Driver's license number
    • Social Security number
    • Passport number
    • Account name
    • Postal address
    • Email address
    • Online identifier IP address
    • Real name
    • Alias
  • Commercial information, including:
    • Products purchased, obtained, or considered
    • Services purchased, obtained, or considered
    • Records of personal property
  • Purchasing/consuming histories/tendencies.
  • Internet/electronic network activity such as:
    • Browsing history
    • Search history
    • Information about the consumer's interaction with applications, advertisements, or websites
  • Education information, as defined in the Family Education Rights and Privacy Act (FERPA) as not publicly available PII, or personally identifiable information.
  • Audio, electronic, olfactory, thermal, visual, or similar information.

The CCPA also covers inferences drawn from the above information to create a consumer profile reflecting things such as a consumer's:

  • Abilities
  • Aptitudes
  • Attitudes
  • Behavior
  • Characteristics
  • Intelligence
  • Predispositions
  • Preferences
  • Psychological trends

Key Provisions of the CCPA

The CCPA stipulates that companies covered by the law must allow consumers to choose not to have data shared with third parties. In practical terms, that means companies now must be able to separate data they collect following their users' privacy choices.

Companies are not required to report breaches under this law. Additionally, before fines are possible, a consumer must file a complaint.

Enforcement of the CCPA

In addition to granting Californians the right to sue businesses that do not take reasonable precautions to prevent data breaches, the CCPA can be enforced. The Office of the Attorney General of California has the power to enforce the CCPA. However, the state has limited enforcement capabilities, as there are not enough resources to ensure that all companies comply with the law at the same time that they manage non-compliance cases.

What Must a Business Do to Be In Compliance With the CCPA?

If your business falls under the CCPA, you are required to:

  • Allow consumers to deal with their personal data in the business's storage in the following ways:
    • Choosing to opt-out
    • Choosing to read the data
    • Choosing to delete the data
  • Disclose financial incentives for your business to sell or retain a consumer's personal data as well as how you value the data.
  • Respond to requests from consumers within specific timeframes.
  • Verify the identity of any consumer who requests to read/delete their information; this is the case even if the consumer has a password-protected account.
  • Keep records of access requests and how your business responded for 24 months.

You must ensure that your company's website:

  • Includes a "Do Not Sell My Personal Information" link so that users may opt out of third-party data sales.
  • Informs users about categories of personal information collected (and for what purposes) at or before the point of data collection.
  • Obtains opt-in/consent before selling or disclosing personal information of minors under the age of 16; parents or legal guardians must opt in for minors under 13.
  • Updates its privacy policy to include:
    • A description of consumer's rights
    • An explanation of how to exercise rights
    • A list, updated annually, of personal information categories the company collects/sells/discloses
  • Shows consumer privacy settings that signal the choice to opt out.

If your company gets a verifiable request from a consumer requesting disclosure of personal information your business has collected, you must provide records of personal information that have been collected in the past 12 months. You must do this free of charge. These records include:

  • Categories of third parties that have received the records
  • Commercial purposes
  • Sources

Your company must not discriminate based on a consumer's decision to exercise the right to:

  • Opt out
  • Request disclosure
  • Request deletion

The CCPA laws are now in effect, and will change the way businesses deal with data across the country. As almost all bigger businesses have some customers based in California, the CCPA has tremendous implications for data privacy laws. For more help with privacy policies and contracts, contact us .


ContractsCounsel is not a law firm, and this post should not be considered and does not contain legal advice. To ensure the information and advice in this post are correct, sufficient, and appropriate for your situation, please consult a licensed attorney. Also, using or accessing ContractsCounsel's site does not create an attorney-client relationship between you and ContractsCounsel.


Need help with a Privacy Policy?

Create a free project posting
Clients Rate Lawyers 4.9 Stars
based on 21,058 reviews

Meet some of our Lawyers

Paul S. on ContractsCounsel
View Paul
5.0 (18)
Member Since:
August 4, 2020

Paul S.

CEO
Free Consultation
Cincinnati, OH
40 Yrs Experience
Licensed in CA, OH
Boston University

I focus my practice on startups and small to mid-size businesses, because they have unique needs that mid-size and large law firms aren't well-equipped to service. In addition to practicing law, I have started and run other businesses, and have an MBA in marketing from Indiana University. I combine my business experience with my legal expertise, to provide practical advice to my clients. I am licensed in Ohio and California, and I leverage the latest in technology to provide top quality legal services to a nationwide client-base. This enables me to serve my clients in a cost-effective manner that doesn't skimp on personal service.

Recent  ContractsCounsel Client  Review:
5.0

"Was my great pleasure working with Paul. He is very knowledgeable about startups/companies, professional, wise, and supportive. I would highly recommend him."

Paul M. on ContractsCounsel
View Paul
5.0 (16)
Member Since:
October 25, 2023

Paul M.

Ceo
Free Consultation
Providence, RI
21 Yrs Experience
Licensed in LA, MA, RI
Loyola New Orleans

Transactional attorney and corporate in house counsel for 15 years. Draft all types of contracts and employment agreements.

Recent  ContractsCounsel Client  Review:
5.0

"Paul is prompt, professional, and knowledgable. I am happy with the prenuptial agreement I got and would be glad to work with him again."

Karen S. on ContractsCounsel
View Karen
4.8 (36)
Member Since:
January 31, 2023

Karen S.

Attorney
Free Consultation
Atlanta, GA
15 Yrs Experience
Licensed in GA
Georgia State University

I'm an attorney available to help individuals and small businesses in Georgia with initial business set-up, required filings, tax strategies, etc. I'm also available to draft, review, and negotiate contracts of many types, both personal and professional. I can draft and file real estate quit claims as well. My legal and business experience and expertise includes small business startups, information technology, technology innovation, real estate transactions, taxes, intellectual property, electrical engineering, the business of video game development, business requirements definition, technology consulting, technology companies, liability waivers and reduction strategies, and the electric utility industry. I work part-time for a local law firm and part-time in my solo practice. I'm also an adjunct professor teaching business law. In addition, I'm part owner, legal counsel to, and a board member of a virtual reality video game development company. I am a member of the Georgia Bar Association. Please reach out if you need attorney, documentation or consulting help in any of those areas!

Recent  ContractsCounsel Client  Review:
5.0

"Karen is amazing!! She is so approachable and gives great, practical guidance."

Curt B. on ContractsCounsel
View Curt
5.0 (4)
Member Since:
March 25, 2023

Curt B.

Managing Partner
Free Consultation
Los Angeles, California
12 Yrs Experience
Licensed in DC, FL, MI, TX, WA
UCLA School of Law

Curt Brown has experience advising clients on a variety of franchising, business litigation, transactional, and securities law matters. Mr. Brown's accolades include: - Super Lawyers Rising Star - California Lawyer of the Year by The Daily Journal - Pro Bono Attorney of the Year the USC Public Interest Law Fund Curt started his legal career in the Los Angeles office of the prestigious firm of Irell & Manella LLP, where his practice focused on a wide variety of complex civil litigation matters, including securities litigation, antitrust, trademark, bankruptcy, and class action defense. Mr. Brown also has experience advising mergers and acquisitions and international companies concerning cyber liability and class action defense. He is admitted in California, Florida, D.C., Washington, Illinois, Colorado, and Michigan.

Recent  ContractsCounsel Client  Review:
5.0

"I was very impressed with the responsiveness and knowledge brought to my situation."

Jehan C. on ContractsCounsel
View Jehan
4.7 (3)
Member Since:
November 14, 2025

Jehan C.

Business, Estate and Intellectual Property Lawyer
Free Consultation
Washington, DC
12 Yrs Experience
Licensed in DC
New York Law School

Experience business, estate and intellectual property attorney ready to serve entrepreneurs and creatives in all 50 state and those that have wills and estate planning needs in the District of Columbia.

Recent  ContractsCounsel Client  Review:
5.0

"Jehan was responsive, spent time understanding the issue and provided a solution. Thank you."

William B. on ContractsCounsel
View William
Member Since:
April 2, 2024

William B.

Associate Attorney
Free Consultation
Brookhaven, Mississippi
5 Yrs Experience
Licensed in AL, MS, OK
Tulane University

Presently, I am a civil rights and insurance litigation attorney with a focus on representation government entities. Prior to this, I’ve represented some of the largest financial institutions in the world in litigation.

James H. on ContractsCounsel
View James
Member Since:
September 17, 2023

James H.

Attorney, Corporate Counsel, Mediator
Free Consultation
Washington DC
7 Yrs Experience
Licensed in DC
Washington University In St. Louis School of Law

Attorney James is an experienced Attorney, Federal Law & Tax Specialist, Corporate Counsel, Tax Lawyer and Mediator. Experienced in Contract Drafting, Corporate Formation, Corporate Governance, Federal Administrative Law, Regulatory Compliance, Tax Settlement, Tax Planning, Merger/Acquisition, Business Law, Collection, Insurance Claims, Employment Law, Immigration, Non-Profit Governance Attorney: US District Court of the District of Columbia, Washington DC Federal Bar #DE0003 US Bankruptcy Court of The District of Columbia, Washington DC Federal Bar #DE0003 Tax Advisor: IRS Registered Tax lawyer/PTIN, PTIN (over 10 years experience) US Federal Agencies, Boards and Commissions, Federal Administrative Law and Regulatory Compliance Business law services: Administrative Law, Business Law, Collections, Bankruptcy, Corporate, Employment, Regulatory Compliance, Corporate Counsel, Immigration

Find the best lawyer for your project

Browse Lawyers Now

See Real Privacy Policy Projects

Washington Privacy policy Drafting
  • Washington
  • 4 lawyer bids
  • $850 - $3,500
View Details
California Privacy Policy Drafting
  • California
  • 2 lawyer bids
  • $250 - $2,000
View Details
Colorado 2mintek Privacy Policy Drafting
  • Colorado
  • 5 lawyer bids
  • $499 - $2,499
View Details
Washington Create Privacy Policy and User Agreement for new Readathon Platform Drafting
  • Washington
  • 10 lawyer bids
  • $875 - $3,000
View Details
Illinois Need to add a Privacy Policy to my website (under development). I just opened a Texas LLC, the business is focused on direct-hire, professional search. Drafting
  • Illinois
  • 10 lawyer bids
  • $400 - $1,999
View Details
Maryland Privacy policy Drafting
  • Maryland
  • 12 lawyer bids
  • $450 - $1,999
View Details

See all Privacy Policy projects

Quick, user friendly and one of the better ways I've come across to get ahold of lawyers willing to take new clients.

View Trustpilot Review

Need help with a Privacy Policy?

Create a free project posting
Clients Rate Lawyers 4.9 Stars
based on 21,058 reviews
CONTRACT LAWYERS BY TOP CITIES
See All Privacy Lawyers
CCPA LAWYERS BY CITY
See All CCPA Lawyers

Contracts Counsel was incredibly helpful and easy to use. I submitted a project for a lawyer's help within a day I had received over 6 proposals from qualified lawyers. I submitted a bid that works best for my business and we went forward with the project.

View Trustpilot Review

I never knew how difficult it was to obtain representation or a lawyer, and ContractsCounsel was EXACTLY the type of service I was hoping for when I was in a pinch. Working with their service was efficient, effective and made me feel in control. Thank you so much and should I ever need attorney services down the road, I'll certainly be a repeat customer.

View Trustpilot Review

I got 5 bids within 24h of posting my project. I choose the person who provided the most detailed and relevant intro letter, highlighting their experience relevant to my project. I am very satisfied with the outcome and quality of the two agreements that were produced, they actually far exceed my expectations.

View Trustpilot Review

Need help with a Privacy Policy?

Create a free project posting
Clients Rate Lawyers 4.9 Stars
based on 21,058 reviews

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call

Find lawyers and attorneys by city