What Is CCPA?
How to proactively and effectively protect the consumer rights of California residents, manage requests — and meet CCPA compliance.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) protects the personal information of California consumers and requires that all organizations handling California resident information take responsibility to safeguard consumer data.
The CCPA requires that companies meet higher accountability standards for data collection and processing — and account for any data that can be linked, associated, or related to California residents.
The CPPA aims to put data rights back into the hands of consumers by requiring that companies provide them with specific rights over their data. These rights for consumers include:
- the right to access the personal information an organization holds on them
- the right to know what personal data is being collected, analyzed, and monitored
- the right to opt out of having their data sold or shared with third parties
- the right to delete their data by request
- the right to equal service without discrimination, regardless of whether or not they choose to share their data or leverage a data request
CCPA and Personal Information
The CCPA regulates the personal information, which it defines as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Personal information includes both direct identifiers like social security numbers — as well as inferred identifiers, which may include anything from geolocation history to shopping patterns to biometric data.
CCPA vs. GDPR
The CCPA is modeled off of the European Union’s General Data Protection Regulation (GDPR) and borrows many of its core principles from that regulation — including a similar definition of personal information (under CCPA) and sensitive personal information (under GDPR).
The two regulations differ meaningfully when it comes to their scope — CCPA protects consumers who are California residents — and GDPR protects “data subjects” within the EU, regardless of their residency.
The GDPR also requires that users give clear consent before personal data is collected and processed about them, and CCPA requires that businesses empower users with the ability to opt out.
CCPA Violations and Penalties
The CCPA is designed to transform how covered companies interact with customer data — and establish new penalties and liabilities for the personal information they collect, sell, and disclose.
Under CCPA, the California Attorney General can levy penalties based on privacy violations and data breach notification requirements in the amount up to $7,500 per violation, and up to $750 in civil damages per user.
How Is CCPA Enforced?
The California Attorney General’s office enforces CCPA and issues penalties for violations.
The CCPA also grants explicit rights for individuals to file claims for privacy loss or compromised identities — and includes a private right to action limited to data breaches.
BigID Solutions for CCPA
Discover all sensitive and personal information of CA residents — wherever it is stored across the enterprise.
Data classification re-imagined for the modern data landscape — for all data, everywhere.
Automatically establish how identifiable data relates to a California consumer’s identity — and uncover data relationships.
Get an MI-driven data catalog for technical, operational, and business metadata across all data, everywhere.
Manage, monitor, and validate data processing and sharing activities across your entire data environment.
Automatically generate individual consumer reports, including specific attributes and categories of information collected, sold, and disclosed.