
CCPA / CPRA

Also known as: California Consumer Privacy Act · California Privacy Rights Act

California's omnibus consumer privacy law, expanded by CPRA; enforced by the CPPA.

The California Consumer Privacy Act (effective 2020), amended by the CPRA (effective 2023), grants California consumers the rights to access, delete, and correct their personal information, to opt out of its sale or sharing, and to limit the use of sensitive personal information. It applies to for-profit businesses meeting any of three thresholds (revenue, volume, or share of revenue from selling personal information).

Why it matters
CCPA/CPRA carries $2,500–$7,500 statutory civil penalties per violation (per consumer, per incident). The California Privacy Protection Agency (CPPA) has issued multi-million-dollar settlements (Sephora $1.2M, DoorDash $375K).

Related terms

Data Subject Rights (DSAR)
Rights granted to individuals over their personal data — access, rectification, erasure, portability, restriction, objection.
Do Not Sell or Share My Personal Information
CCPA/CPRA-mandated link allowing California consumers to opt out of sale/sharing of personal information.
Sensitive Personal Information (SPI)
Special category of personal data — health, biometrics, race, religion, sexual orientation, precise geolocation, etc.
GDPR
EU regulation governing processing of personal data of EU/EEA data subjects; fines up to €20M or 4% of global turnover.
