
California Consumer Privacy Act + CPRA Amendments
Assess your organization's compliance with the California Consumer Privacy Act and CPRA amendments. This tool evaluates consumer rights fulfillment, opt-out mechanisms, data security, and service provider requirements.
The California Consumer Privacy Act (CCPA) grants California residents rights over their personal information and imposes obligations on businesses. The California Privacy Rights Act (CPRA) amended CCPA effective January 1, 2023, expanding consumer rights and creating the California Privacy Protection Agency (CPPA).
Consumer rights to know what data is collected
Do you disclose at or before collection the categories of personal information collected and purposes?
Can you respond to verified consumer requests within 45 days (with extension if needed)?
Do you provide at least two methods for consumers to submit requests (e.g., web form, toll-free)?
Consumer rights to request deletion
Do you have processes to delete consumer personal information upon verified request?
Do you notify service providers and contractors to delete data upon consumer request?
"Do Not Sell or Share My Personal Information"
Do you have a clear "Do Not Sell or Share My Personal Information" link on your homepage?
Do you honor Global Privacy Control (GPC) browser signals as opt-out requests?
Do you wait at least 12 months before asking consumers who opted out to opt back in?
Consumer right to correct inaccurate information
Do you have processes to correct inaccurate personal information upon verified request?
Right to limit use of sensitive data
Do you provide a "Limit Use of My Sensitive Personal Information" link if you use SPI beyond what's necessary?
Do you disclose categories of sensitive personal information collected in your privacy policy?
Required disclosures in privacy notice
Does your privacy policy list categories of PI collected, sources, purposes, and third parties shared with?
Do you update your privacy policy at least annually and include the date of last update?
Does your privacy policy explain consumer rights and how to exercise them?
Third-party data sharing requirements
Do you have written contracts with service providers that restrict their use of personal information?
Do your service provider contracts include CCPA-required provisions (purpose limitation, deletion, compliance certification)?
Equal treatment for exercising privacy rights
Do you ensure consumers are not discriminated against for exercising their CCPA rights?
Reasonable security measures requirement
Do you implement reasonable security procedures appropriate to the nature of the data?
Do you have a data breach response plan including notification procedures?
Staff training and metrics tracking
Do you train personnel who handle consumer inquiries on CCPA requirements?
Our consultants help businesses implement CCPA-compliant systems, update privacy policies, and establish consumer request workflows. Serving clients globally with US privacy law expertise.
The California Consumer Privacy Act (CCPA), codified at Cal. Civ. Code §§ 1798.100-1798.199.100, is a landmark state privacy law that grants California residents significant rights over their personal information. Effective January 1, 2020, it was substantially amended by the California Privacy Rights Act (CPRA) effective January 1, 2023.
CCPA applies to for-profit businesses that collect California residents' personal information AND meet at least one threshold:
The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA with civil penalties of up to $2,500 per unintentional violation and $7,500 per intentional violation. Additionally, consumers have a private right of action for data breaches resulting from failure to implement reasonable security, with statutory damages of $100-$750 per consumer per incident.
While both regulate personal data, important distinctions include: