FAQ About Understanding the Basics of Cybersecurity

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that went into effect in California on January 1, 2020. The CCPA grants California residents new rights to know what personal information businesses collect about them, how that information is used, and to whom it is sold or disclosed. The CCPA applies to businesses that meet certain criteria, such as having annual gross revenues of more than $25 million, or collecting, buying, selling, or sharing the personal information of 50,000 or more consumers, households, or devices annually.

Under the CCPA, California residents have the right to request that businesses disclose what personal information they have collected about them, delete their personal information, and opt-out of the sale of their personal information. Businesses must also provide certain disclosures to consumers about their data collection and sharing practices, including in their privacy policies.

Non-compliance with the CCPA can result in fines of up to $7,500 per violation, and businesses may also be subject to lawsuits by consumers for data breaches or other violations of the CCPA.

The CCPA has become a significant driver of data privacy regulation in the United States, and has influenced the development of similar laws in other states, such as Virginia and Colorado.