California Consumer Privacy Act (CCPA)

CCPA applies to business that engage with California residents and meets one of these 3 criteria.

1. Annual gross revenue exceeding $25 million.
2. Dealing with 50000 or more households , devices , or consumers for commercial purposes.(After CPRA 100000)
3. Earning 50% or more of there annual revenue through sale of there personal information.

Consumer Rights under CCPA 

1. Right to rectify inaccurate personal information.
2. The right to access collected personal information.
3. The right to be informed about personal information collected.
4. The right to Opt-Out of the data sharing processing and selling.
5. The right to limit the use of the and disclosure of sensitive personal information.
6. The right to Opt-Out of automated decission making tech.
7. The right to data portability (It allows individuals to obtain a copy of their prsonal data from data controller.)
8. The right to non-discrimination for exercising CCPA rights.
9. The right to request the deletion of personal data.

CCPA Compliance Checklist 

1. Determine Applicability : Check if your busniness comes under any of the 3 criitria of CCPA
2. Data Mapping and Inventory : Create a data map to understand what kind of personal data you collect , where it is stored and how it is processed. 
3. Revise Privacy Policies : It is important to keep in mind not to create just any CCPA privacy policies but to create one that is in line with CCPA requirement and respect the consumer laws under CCPA.
4. Update your website : "Add an Opt-Out button" , “Do Not Sell or Share” link .
5. Create Request Handling Procedures : The request can happen through online portals , toll-free numbers or e-mail channels. Make sure to respond to requests within 45 days.
6. Educate employees : Train employees about internal processes and time line , How to handle consumer data and about the rights of the consumers.
7. Record-Keeping and Auditing : Maintain all internal records of consumer requets , Data processing activities. 

CPRA 

California Privacy Rights Act (CPRA) it was officialy enforced in 1 January 2023.The CPRA (California Privacy Rights Act) is not a replacement of the CCPA, but an amendment that strengthens and expands the CCPA.

Key Changes in CPRA

1. New Enforcement Authority : The California Privacy Protection Agency (CPPA) has been established as a dedicated authority with the power to investigate, enforce, and create privacy regulations.
2. Thresholds : CPRA raises some thresholds to 100,000 consumers/households rather than 50,000. 
3. Automated Decision‑Making / Profiling :  CPRA requires transparency about automated decision‑making, including profiling, and gives right to opt out in certain cases.
4. Opt‑out of “Sharing" : CPRA expands that to include sharing for cross‑context behavioral advertising (even if no money changes hands) and strengthens opt‑out requirements. 
5. Right to Correct & Right to Portability : CPRA adds the right to correct inaccurate personal information and expands data portability: consumers can request info in a portable format.

Penalties

1. Violations can result in penalties of up to $2,500 per unintentional violation and $7,500 per intentional violation.
2. CPRA adds fine of $7500 per violation involving minors (under 16).