Xano LogoSECURITY CENTERSECURITY CENTER
No code developer friendly
Developer friendly no code
CCPA

CCPA

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. Enacted in 2018 and effective from January 1, 2020, the CCPA grants California residents several new rights with respect to their personal information held by businesses.

Key provisions of the CCPA include:

Right to Know: Consumers have the right to request that a business disclose the categories and specific pieces of personal information it collects, the purposes for which the information is collected, and with whom it is shared.

Right to Delete: Consumers can request the deletion of their personal information held by a business, subject to certain exceptions.

Right to Opt-Out: Consumers have the right to opt-out of the sale of their personal information by a business. Businesses are required to provide a clear and conspicuous link titled "Do Not Sell My Personal Information" on their website.

Right to Non-Discrimination: Businesses cannot discriminate against consumers who exercise their rights under the CCPA.

Data Breach Penalties: The CCPA includes provisions for penalties if a consumer's non-encrypted and non-redacted personal information is subject to unauthorized access, theft, or disclosure as a result of a business's failure to implement and maintain reasonable security procedures.

The CCPA applies to any for-profit entity that does business in California, collects consumers' personal data, and satisfies at least one of the following thresholds: has annual gross revenues in excess of $25 million, buys or sells the personal information of 50,000 or more consumers or households, or earns more than half of its annual revenue from selling consumers' personal information.

The act is a significant piece of privacy legislation in the United States and has inspired other states to consider similar measures. It's often compared to the GDPR, Europe's data protection regulation, although there are notable differences in scope and application.