What is CCPA?

What you need to know

The California Consumer Privacy Act (CCPA) on California’s existing privacy law. In the absence of federal law, Microsoft recently decided to make it the company’s United States standard.

How will consumers’ new rights impact your business? Read our new whitepaper, The Simple Guide to CCPA, written by our data privacy experts to find out how CCPA compliance will impact your business.

Download Whitepaper

California Consumer Privacy Act

Privacy law is evolving in the United States and in particular for Californians. The privacy legislation around collecting personal information from California residents is in some ways more strict than the General Data Protection Regulation (GDPR) in Europe.

While there is a minimum annual revenue threshold involved, the definitions around what constitutes personal data is also different for this new law. The privacy protections CCPA affords California residents requires a deeper understanding for companies both in the United States and outside. Luckily, you don't need to google each question you have. We will summarize this new data privacy law in the following whitepaper.


If you already comply with the EU’s GDPR (General Data Privacy Regulation) does that mean you’re ready for the California Consumer Privacy Act (CCPA)? Or do the new draft regulations from the State of California Attorney General say that you need to handle personal information (PI) differently?

As an untested law attempting to regulate the way that rapidly evolving tech handles consumer data the law still has some gray areas. The Simple Guide to CCPA will help you get a handle on the new rights consumers will have under the law by clarifying how businesses will need to handle the collection of consumers’ personal information to comply with the law and help protect against data breaches.

CCPA Regulation Checklist

The California Consumer Privacy Act applies to anyone meeting any of these three thresholds, who has “ties” to California via employees, consumers, or either directly or indirectly control the collection of personal information of residents in California:

  • Annual gross revenues > $25M
  • Receives or shares personal information (PI) of 50,000 or more consumers, households, or devices for commercial purposes
  • 50% or more of a business’s annual revenue comes from selling consumers’ PI

CCPA Risks & Fines

  • Intent matters: To be levied by California’s State Attorney General after breaches, intentional violations run $7,500 per violation and unintentional at $2,500.
  • Civil action possible: If you experience a breach and haven’t taken “reasonable” steps to secure the data following current best practices, you could open yourself to civil lawsuits and may pay $100 to $750 per California resident and incident — or actual damages — whichever is greater.

Why GDPR compliance isn’t enough. Get The Simple Guide to CCPA.

Download Whitepaper

Make the internet safer

Implement Auth0 today