Mandatory · lawState of CaliforniaUSvCPRA 2023

CCPA / CPRA

California Consumer Privacy Act (as amended by CPRA)

California's privacy law granting consumers rights over their personal information and imposing a duty to implement reasonable security. The CPRA amendments added new rights and a dedicated enforcement agency (CPPA).

Official source ↗

Who it applies to

For-profit businessesCalifornia / USProcesses personal data

For-profit businesses doing business in California that meet a threshold — gross revenue over $25M, handling personal information of 100k+ consumers/households, or earning half their revenue from selling/sharing data — and process California residents' personal information.

Consumer rights

§1798.100 Consumers' right to know and notice at collection
Inform consumers about the categories and purposes of personal information collected and honour requests to access it.
10 mapped

Business obligations

§1798.130 Methods for handling consumer requests
Establish and document methods to receive, verify and respond to consumer privacy requests, and maintain records of them.
6 mapped
§1798.150 Duty to implement reasonable security
Implement and maintain reasonable security procedures appropriate to the personal information held; failure giving rise to a breach creates a private right of action.
7 mapped