What is California Consumer Privacy Act (CCPA)?
The CCPA (California Consumer Privacy Act) is a state-level data privacy law enacted in California, USA, that grants consumers more control over their personal information held by businesses. It went into effect on January 1, 2020, and was further expanded by the California Privacy Rights Act (CPRA), which took effect in 2023.
The CCPA requires companies to disclose what personal data they collect, how it is used, and with whom it is shared. It also gives consumers the right to access their data, request deletion of their data, and opt out of the sale of their data. The law aims to enhance privacy rights and consumer protection for California residents, with strict penalties for non-compliance, encouraging businesses to handle personal data transparently and responsibly.
Who Must Comply with CCPA?
CCPA applies to businesses that meet at least one of the following criteria:
- Have annual gross revenues over $25 million
- Buy, receive, sell, or share personal data of 100,000 or more California residents
- Derive 50% or more of annual revenue from selling California consumers’ personal data
It also applies to service providers and third parties that process data on behalf of these businesses.
Key Consumer Rights Under CCPA
Rights | Description |
---|---|
Right to Know | Consumers can request to know what personal information is being collected, used, shared, or sold. |
Right to Delete | Consumers can request the deletion of their personal information held by a business. |
Right to Opt-Out | Consumers can opt out of the sale of their personal information. |
Right to Non-Discrimination | Consumers cannot be denied services or charged differently for exercising their privacy rights. |
Right to Correct (introduced under CPRA) | Consumers may request the correction of inaccurate personal information. |
What is Considered Personal Information?
Under CCPA, personal information includes:
- Name, email address, phone number
- IP address or geolocation data
- Biometric data
- Purchase history
- Browsing/search history
- Inferences used to create consumer profiles
This definition covers both structured and unstructured data, which makes data governance critical for compliance.
CCPA vs. GDPR
Feature | CCPA | GDPR |
---|---|---|
Region | California (U.S.) | EU |
Consent Requirement | No (opt-out model) | Yes (opt-in model) |
Right to Access | Yes | Yes |
Right to Delete | Yes | Yes |
Penalties | Civil fines, private right of action | Regulatory fines |
Supervisory Authority | California Privacy Protection Agency (CPPA) | National DPAs in EU member states |
How Fasoo Helps Organizations Comply with CCPA
Fasoo’s data-centric security platform supports CCPA compliance by helping organizations protect, govern, and manage personal information at the file level – even in unstructured environments.
Fasoo’s capabilities include:
- File-Level Encryption: Prevent unauthorized access to personal data stored in documents
- Access Controls: Restrict who can view, edit, print, or share files — based on identity, location, or device
- Data Classification: Automatically identify and label documents containing personal information
- Audit Trails: Track every file interaction for compliance, investigation, and accountability
- Granular Policy Enforcement: Enable deletion, access revocation, or export of files in response to consumer requests
With Fasoo, organizations can operationalize CCPA requirements across departments and third-party ecosystems – without compromising productivity or security.