Request Demo
Education Resources

What is CCPA?​

The California Consumer Privacy Act (CCPA) is a law that the State of California passed in 2018. This law gives California residents more control over the personal information that businesses collect about them. It also allows consumers to sue companies if privacy guidelines are violated, even if no damage occurred.

CCPA applies to companies doing business in California, including those located outside of California, that meet the following conditions:

  • Companies with at least $25 million in gross annual revenue.
  • Companies that buy, receive or sell personal data on at least 50,000 California residents.
  • Companies that collect more than half their revenue from the sale of personal data. 


Insurance companies and agents are exempt from these regulations because consumers are already protected under California’s Insurance Information and Privacy Protection Act. (IIPPA)

What rights does the CCPA give to consumers?

  • The right to know about the personal informatioin a businesss collects about them and how it is used and shared.
  • The right to delete personal information collected from them. This does not include publicly available information from federal, state or local government records, such as professional licenses and property records. 
  • The right to opt-out of the sale of their personal information.
  • The right to non-discrimination for exercising their CCPA rights.

What does a company need to do to become CCPA compliant?

  • Create a privacy policy as required by CCPA.
  • Appoint a team, or develop a process for responding to consumer and processing requests to exercise privacy rights. 
  • Comply with consumer requests to inform them about the type and purpose for which the data is being collected.
  • Verify the identity of consumers who request to access or delete their personal information.
  • Do not share or sell personal information of persons under the age of 16.
  • Deliver information to consumers free of charge within 45 days of the request. This may be done by mail or electronically.
  • Delete personal information and allow consumers to opt-out if requested.
  • Provide consumers the right to equal services and prices.
  • Ensure that agreements with third-party service providers are CCPA compliant.
  • To demonstrate compliance, maintain records and outcomes of requests for 24 months.

Ready to Take Your Security Awareness Program to the Next Level?

Request demo