← All calculators
CCPA · FREE TOOL

CCPA & CPRA Penalty Calculator

California civil penalties accrue per violation, and 'violation' is interpreted per affected consumer. The California Privacy Protection Agency (CPPA) enforces — $2,500 unintentional, $7,500 intentional or involving a minor, with no annual cap. This calculator estimates statutory exposure plus the private-right-of-action damages from §1798.150.

Each affected California resident can be a separate violation.
For unencrypted PII breaches only (§1798.150).
$100 per resident
AG / CPPA civil penalty
$25.00M
10,000 × $2,500
Private right of action exposure
$0
0 × $100
Combined upper-bound exposure
$25.00M
No annual cap under CCPA.
Run my free compliance auditGenerate policies

How this is calculated

Cal. Civ. Code §1798.155
Civil penalties — $2,500 per violation, $7,500 per intentional violation or violation involving a minor.
Cal. Civ. Code §1798.150
Private right of action — $100 to $750 per consumer per incident or actual damages (whichever is greater) for security failures.
CPPA 2024 enforcement priorities
Sephora $1.2M (2022), DoorDash $375K (2024), Honda $632K (2024) — all settled with the AG/CPPA.

Things people get wrong

Real enforcement examples

BetterHelp
$7.8M
Disclosed sensitive mental-health data to Meta / Snap ad pixels
Block / Cash App
$175M
Failed fraud investigations + inadequate Reg E dispute handling

FAQ

What counts as an intentional CCPA violation?
Knowingly failing to fix a known compliance issue, or willfully ignoring consumer requests. The CPPA looks at remediation behavior — a company that ignores a notice or repeats the same violation is treated as intentional.
Does CCPA apply to my business?
If you collect California residents' personal info and meet ANY of: (1) $25M+ annual revenue, (2) data on 100,000+ consumers/households, or (3) 50%+ revenue from selling/sharing personal info. Most B2C SaaS, ecom, and adtech qualify.
What about other state privacy laws?
By end of 2025, 20+ US states have comprehensive privacy laws (VA, CO, CT, UT, TX, OR, MT, etc.). Most use $7,500/violation as the ceiling. Build to the strictest (CA + CO) and you're covered for most.

Related

CCPA audit →GDPR audit →GDPR Fine CalculatorHIPAA Penalty CalculatorData Breach Cost CalculatorSOC 2 Audit Cost Calculator