What are the CCPA & CPRA?

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are privacy laws that aim to protect the personal information of California residents. The CCPA was enacted in 2020 and grants Californians rights such as knowing what personal data is being collected about them and the ability to opt out of the sale of their personal data. The CPRA, which passed in the same year, builds upon the CCPA and includes new requirements for data retention, minimization, and security. It also introduces new consumer rights, like the right to correct inaccurate personal information. Both laws are enforced by a new agency created under the CPRA.

Where do the CCPA & CPRA apply?

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) safeguard Californian residents' personal info. CCPA, established in 2020, grants rights like data transparency and opt-out choices. CPRA, also introduced in 2020, enhances data regulations and adds new rights, overseen by a new agency.

These laws apply to businesses handling residents' personal info, encompassing activities like collection, use, or sharing of data. Businesses must meet specific criteria, which include:
    ● Annual revenue of $25 million or more
    ● Info collection from 50,000+ residents annually
    ● Generating over 50% of revenue from selling personal info

What Are the Possible Reasons for CCPA & CPRA Penalties?

Violations of the law can result in penalties under the CCPA (and CPRA). Common violations encompass:
    ● Not providing consumers with a privacy notice
    ● Ignoring “Do Not Sell My Personal Information” requests
    ● Not obtaining consent for children's data
    ● Not responding to consumer requests for access to or deletion of data
    ● Failing to report unauthorized access to consumer data or other forms of data breaches.

Who is Liable for CCPA Penalties?

If your business is governed by the CCPA and you break the law, the Attorney General could potentially take action against you at any time.

What Are the CCPA Penalties for Non-Compliance?

CCPA fines can reach up to $7,500 for each intentional violation and $2,500 for each unintentional violation. While these amounts might seem manageable, they can accumulate significantly.

For instance, if you sell the personal data of 300,000 individuals without allowing them to opt out, this constitutes 300,000 violations under the CCPA, potentially resulting in fines up to $2.25 billion.

Additionally, if a data breach occurs because proper security measures weren't taken, affected consumers may also seek civil penalties through a private right of action, with amounts varying based on the specific violation.

Frequently Asked Questions

How can I ensure CCPA/CPRA compliance for my business?

To ensure CCPA/CPRA compliance, implement measures such as updating privacy policies, providing opt-out mechanisms, handling consumer requests, conducting regular data audits, training employees, and staying informed about evolving regulations to align your business practices with the requirements of the legislation.

What is the CPRA and how does it differ from the CCPA?

The CPRA (California Privacy Rights Act) is an amendment to the CCPA. It enhances privacy rights, establishes a new enforcement agency, expands data breach liability, and introduces stricter rules for sensitive personal information, providing stronger data protection for California residents.

Does the CPRA replace the CCPA?

No, the CPRA does not replace the CCPA. It amends and enhances the existing CCPA regulations, introducing additional privacy rights and protections. The CPRA builds upon the foundation set by the CCPA rather than replacing it entirely.
