Get privacy insights in your inbox.

California, United States

CCPA/CPRA

California Consumer Privacy Act / California Privacy Rights Act

The CCPA, as amended by the CPRA, is California's comprehensive consumer privacy law granting residents the right to know, delete, and opt out of the sale or sharing of their personal information, enforced by the California Privacy Protection Agency.

Source: IQWorks — iqworks.ai | Last updated: 2026-03-20

Effective

Jan 1, 2020

Jurisdiction

California, United States

Max Penalty

$7,500 per intentional violation

Enforced By

California Privacy Protection Agency (CPPA) and California Attorney General

Who Does CCPA/CPRA Apply To?

For-profit businesses that collect California residents' personal information and meet revenue, data volume, or revenue-from-selling thresholds.

Key Requirements

Privacy Notice

Businesses must provide a notice at or before the point of collection describing categories of personal information collected and purposes of use.

Consumer Request Handling

Businesses must respond to consumer requests to know, delete, correct, and opt-out within 45 days (extendable to 90 days).

Do Not Sell/Share

Businesses must provide a clear "Do Not Sell or Share My Personal Information" link and honor opt-out requests for sale and sharing of personal information.

Data Minimization

CPRA added requirements to collect, use, retain, and share only personal information reasonably necessary for the disclosed purpose.

Sensitive Personal Information

Consumers can limit the use and disclosure of sensitive personal information (SSN, financial data, precise geolocation, biometrics, health data).

Service Provider Contracts

Businesses must ensure service providers and contractors are contractually bound to use shared personal information only for specified business purposes.

Individual Rights Under CCPA/CPRA

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale or sharing
Right to correct inaccurate personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising rights

Frequently Asked Questions

What is CCPA/CPRA?

The CCPA, as amended by the CPRA, is California's comprehensive consumer privacy law granting residents the right to know, delete, and opt out of the sale or sharing of their personal information, enforced by the California Privacy Protection Agency.

What are the penalties for CCPA/CPRA non-compliance?

The maximum penalty under CCPA/CPRA is $7,500 per intentional violation. Enforcement is handled by California Privacy Protection Agency (CPPA) and California Attorney General.

Who does CCPA/CPRA apply to?

For-profit businesses that collect California residents' personal information and meet revenue, data volume, or revenue-from-selling thresholds.

When did CCPA/CPRA take effect?

California Consumer Privacy Act / California Privacy Rights Act was enacted in 2018 and became effective on January 1, 2020.

Compare CCPA/CPRA

GDPR vs CCPA: Understanding the Key DifferencesDPDPA vs CCPA: India and California Privacy Laws ComparedCCPA vs LGPD: California and Brazil Privacy Laws Compared

Compliance Guides

CCPA/CPRA Compliance Guide

Related Regulations

GDPR

European Union

DPDPA

India

LGPD

Brazil

See also: CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act) in the glossary

Automate CCPA/CPRA Compliance

IQWorks helps organizations achieve and maintain CCPA/CPRA compliance with AI-powered automation.

Request Demo