Discusses a Guide to the California Consumer Privacy Act

Published March 29, 2023

Since 2020, the CCPA, or California Consumer Privacy Act has been the country's most all-inclusive privacy legislation. If one owns a for-profit company in the state or is collecting residents' personal information, compliance is essential. Here, we will go over the basics of the CCPA and how it affects companies. A company such as Sidley Austin can provide clarification on this matter.

Threshold Requirements

The California Consumer Protection Act applies to for-profit companies within these limits:

  • Annual gross revenue of $25 million

  • The yearly sharing, selling, or receiving of information from 50,000 or more devices, households, or customers

  • The derivation of 50% or more of yearly revenue from the selling of consumer information

Parent companies and subsidiaries sharing a brand must comply with the CCPA even if they alone do not exceed the threshold. One can find additional info here.

What's Protected and Who Is Affected by the CCPA?

Under the California Consumer Privacy Act, consumers may exercise their legal rights regarding personal information held by businesses. The term 'personal information is defined as that identifying, relating to, or describing a certain household or consumer, including:

  • Names, aliases, postal addresses, IP addresses, email addresses, and Social Security numbers

  • Characteristics of federal or state-protected classifications

  • Commercial information such as purchase receipts

  • Biometric information

  • Internet browsing and search histories

There are a few exclusions to consider. For instance, information that's publicly available is not covered under the CCPA.  A company such as Sidley Austin can provide clarification on this matter.

Enforcing the CCPA

Under the California Consumer Privacy Act, the state's attorney general can bring a civil action against a business for any violation. The Act also includes limited consumer action rights for statutory violations. Consumers can file claims if their nonredacted or nonencrypted data is stolen, misused, or accessed without permission.

What's the Difference Between the CCPA and the GDPR?

Many have heard of the European GDPR (General Data Protection Regulation) and would like to know how it differs from the United States: User-enabled privacy controls under CCPA regulations. While these laws align in some areas, they're significantly different in others. 

Both privacy laws protect consumers by giving them access to and controlling personal data. Furthermore, the CCPA and the GDPR both focus on transparency. To achieve that goal, the laws require comprehensive privacy notices, contracts, and grants to consumers regarding the control of private information. However, the laws differ as far as applicability and compliance requirements are concerned.

Businesses Must Review Their Privacy Practices

To ensure compliance with the CCPA, businesses must assess the data they hold. Determine what's being collected, how it's being handled, and where it is stored. The Act gives consumers more control over their data, and companies must comply with their information requests, including:

  • Pieces and categories of information being collected

  • Sources from which information is gained

  • Which businesses are gathering the information

  • The purposes for which the information is collected

  • How information is shared

  • Deletion of private data

According to, the above information must be given to the consumer at no cost within 45 days. Businesses with existing privacy policies must review and update them to comply with the CCPA.

Changes are Coming

The California Consumer Privacy Act will evolve over the next few years, and several other states are moving to enact similar laws. Regulatory changes in this area are forthcoming, and businesses need adaptable policies that can change as they do.

Media Contact
Company Name:
Contact Person: Media Relations
Email: Send Email
Phone: 407-875-1833
Country: United States