Privacy compliance with CCPA, made simple.

For companies that meet the CCPA thresholds—this is not a drill.

What is CCPA?

The California Consumer Privacy Act (CCPA) gives consumers more control over the personally identifiable information (PII) that businesses collect about them. CCPA secures new privacy rights for California consumers, including the right to know about the PII a business collects about them, the right to delete PII collected, the right to opt out of the sale of their PII, and the right to non-discrimination for exercising their CCPA rights.

Who Needs to Comply with CCPA?

The CCPA and its regulations apply to entities within California, as well as those located outside of California that engage in transactions with Californians for the purpose of financial gain OR collect any information from California residents. It also applies to any business that meets one or more of the following thresholds:

  • Has an annual gross revenue of over US $25 million
  • Holds data containing personally identifiable information of 50,000 or more Californian consumers, households, or devices
  • Derives 50% or more of its annual revenues from selling consumers’ PII
How Do I Comply with CCPA?

CCPA requires businesses to provide a privacy notice disclosing how consumers’ personally identifiable information is collected, used, and shared, as well as how to exercise CCPA rights; at least two mechanisms for consumers to submit requests for information about, access to, or deletion of their PII; the ability for consumers to opt out of the sale of their PII; and training.

Path to Success

Becoming CCPA Compliant

Strike Graph helps you become CCPA-compliant fast by helping you build out a compliance framework from the ground up. Our step-by-step guidance and training will ensure your organization is able to breeze through every step of the process without any hiccups—because we’ll have your back.

We’ll also ensure you’re ready for the California Privacy Rights Act (CPRA), which will take effect on January 1, 2023 and replace the CCPA. The CPRA gives consumers more control over their personal data and holds businesses more accountable for protecting it.

Managing CCPA through Strike Graph's platform makes compliance easier and more efficient.

Build Brand Legitimacy

Small and mid-sized businesses can use CCPA compliance to signal to consumers that they have a level of organization and staying power comparable to that of larger, established companies.

Don’t Get Fined

It can cost you $2,500 for each CCPA violation, or $7,500 for each intentional violation. A violation occurs each time a consumer’s rights are violated by a non-compliant business.

Uphold Data Privacy

CCPA is a critical part of the data privacy experience you create for your consumers; every privacy touchpoint should be clear and transparent. This way, consumers feel their needs are being addressed and can better understand the process.

Increase Consumer Trust

Consumers today are more aware than ever of how much personally identifiable information they share with businesses, and they want to know companies take their privacy seriously. By giving them the opportunity to make privacy requests, your organization can build a great amount of trust and goodwill.

Create a Competitive Advantage

Create a competitive advantage for your organization by ensuring consumers feel their needs are being addressed. Get out ahead of privacy laws that will be implemented in the future.

Plan for Future Compliance

Data privacy laws like CCPA will be the way of the future for businesses operating in most U.S. states, if not nationally. For businesses with an online presence, it’s a question of when—not if—one of these new privacy laws will apply to you. If you’re already CCPA compliant, it will require much less effort to comply with similar laws from other states down the road.

Satisfied Customers

Cybersecurity compliance platform of choice for growing digital and technology businesses

Additional CCPA Resources

Learn everything you need to know about CCPA.

CCPA: The More You Know

CCPA Consumer Rights

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. CCPA gives consumers the right to:

  • Know whether personal data is collected about them
  • Know what personal data is being collected about them
  • Know specific categories of data a business collects about them
  • Know categories of third parties with whom personal data is shared
  • Know categories of sources of personal data
  • Know the business or commercial purpose of collecting personal information
  • Move (port) their personal data
  • Say no to the sale (or exchange) of their personal data
  • Delete their personal data

 

CCPA Regulations

The CCPA regulations provide guidance on how to implement the law. These regulations consist of six articles:

  1. Article 1: General Provisions; includes title and scope and definitions.
  2. Article 2: Notices to Consumers; includes overview of required notices, notice at collection of personal information, notice of right to opt-out of sale of personal information, notice of financial incentive, and privacy policy.
  3. Article 3: Business Practices for Handling Consumer Requests; includes methods for submitting requests to know and requests to delete, responding to requests to know and requests to delete, service providers, requests to opt-out, requests to opt-in after opting-out of the sale of personal information, training, record-keeping, and requests to know or delete household information.
  4. Article 4: Verification of Requests; includes general rules regarding verification, verification for password-protected accounts, verification for non-account holders, and authorized agent.
  5. Article 5: Special Rules Regarding Consumers Under 16 Years of Age; includes consumers under 13 years of age, consumers 13 to 15 years of age, and notices to consumers under 16 years of age.
  6. Article 6: Non-Discrimination; includes discriminatory practices and calculating the value of consumer data.

 

What is a Data Subject Access Request (DSAR)?

A Data Subject Access Request (DSAR) allows people to make known their desire to access, change, and control the data businesses collect about them. Your company will need to provide methods for people to register these requests and respond accordingly. Such disclosures cover data from the 12 months before the request.

DSARs include requests from people seeking to know what data your organization holds about them and your intentions for collecting and using that data, to correct their data preferences, to exercise their “right to be forgotten” (to have an organization erase their records), etc.

 

What is the Do Not Sell Requirement?

When it comes to the consumer right to opt out of the sale of personal information, businesses are required to provide two or more methods for submitting such requests. These methods should require minimal steps to allow consumers to opt out and be easy for them to execute.

 

How Do I Achieve CCPA Compliance?

In order to be compliant, your business should disclose your CCPA obligations front and center on your website (and wherever else you collect consumer data). Ask consumers to opt in or out of sharing some or all aspects of their personal data, including information collected by pixels, cookies, and other tracking technologies.

Additionally, you need to share all privacy information with consumers in a central place on your website. This information should include:

  • Your latest privacy policy describing consumer rights, including any state privacy policies that apply (like CCPA)
  • An “opt-out” button
  • A way for consumers to submit a Data Subject Access Request (DSAR)
  • A way to capture, validate, and retain DSARs and enact Do Not Sell requests

When responding to a DSAR, you’ll typically need to access, modify, and delete data from your backend data management systems that host personal data.

Demonstrating CCPA Compliance

You’ll need to create internal reports that demonstrate your compliance and—if you disclose personal information to third parties—show that you can send deletion requests and ensure they’re being followed. You’ll also need to maintain updated suppression lists and demonstrate they are being applied both internally and by third parties.

 

Getting Ready for the California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) will take effect on January 1, 2023 and replace the CCPA. The CPRA is widely viewed as California’s version of the GDPR; it gives consumers more control over their personal data and holds businesses more accountable for protecting the data they collect and process.

The CPRA will apply to any legal entity that (1) does business in the State of California, regardless of where it is located, (2) collects consumers’ personal information, and (3) does either of the following:

  • Buys, sells, or shares the personal information of 100,000 or more consumers or households in a year, OR
  • Derives 50% or more of its annual revenue from selling or sharing consumers’ data

The Act also requires regulated businesses to provide CPRA training to employees dealing with consumer inquiries related to company privacy practices, as well as anyone responsible for the organization’s CPRA compliance.