CCPA
California Consumer Privacy Act for personal information rights
What you'll receive:
- Scored gap report showing your compliance level
- AI-generated findings prioritized by severity (Critical, High, Medium, Low)
- Actionable recommendations for each finding
- Professional PDF report for leadership and auditors
Not sure which framework? Compare all 37+ frameworks or start with our baseline assessment.
Overview
The California Consumer Privacy Act (CCPA), effective January 1, 2020, is a comprehensive privacy law that gives California residents extensive rights over their personal information. It applies to businesses that collect personal information from California residents and meet certain thresholds. The CPRA (California Privacy Rights Act) amendments took effect in 2023, strengthening enforcement and expanding rights.
Key Features
Consumer rights: access, deletion, opt-out, correction, and portability
Notice at collection and privacy policy requirements
Do Not Sell My Personal Information opt-out
Sensitive personal information limitations
Data minimization and purpose limitation
Service provider and contractor requirements
Private right of action for data breaches
Benefits
Required for businesses serving California residents
Demonstrates commitment to consumer privacy
Builds customer trust and brand reputation
Avoids significant fines (up to $7,500 per violation)
Improves data governance practices
Aligns with global privacy regulations
Reduces data breach liability
Who Should Use This Framework
Businesses with California customers
Companies meeting CCPA thresholds (revenue, data volume)
Organizations selling personal information
Service providers processing California resident data
E-commerce and online businesses
Data brokers and advertising technology companies
Sample Assessment Questions
Get a preview of the types of questions included in this assessment. Our comprehensive questionnaires help you identify gaps and strengthen your security posture.
Do you provide a clear and conspicuous notice at collection of personal information?
Have you implemented a process to respond to consumer rights requests within 45 days?
Do you provide a 'Do Not Sell My Personal Information' link on your homepage?
Have you updated your privacy policy to include all CCPA-required disclosures?
Do you maintain records of consumer requests and your responses for at least 24 months?
Have you implemented age verification for the sale of minors' personal information?
Do you have contracts in place with service providers that include CCPA requirements?
Have you implemented reasonable security measures to protect personal information?
Do you conduct regular training for employees who handle consumer requests?
Have you designated methods for consumers to submit requests (toll-free number, website)?
Note: These are just a few examples. The complete assessment includes comprehensive questions across all control areas, with AI-powered guidance to help you implement improvements.
Related Frameworks
Ready to Strengthen Your Security Posture?
Start your CCPA assessment today and identify areas for improvement