California Consumer Privacy Act


The California Consumer Privacy Act is set to go into effect on January 1, 2020. The CCPA, similar in nature to GDPR, will provide California residents with new consumer data rights.

Javier Orraca (Scatter Podcast)

The California Consumer Privacy Act (“CCPA”) data rights include, but are not limited to, the following:

CCPA will only apply to businesses that meet one or more of these three criteria:

  1. have annual revenues greater than $25 million USD,
  2. businesses that buy / receive / sell personal information of 50k+ consumers, or
  3. businesses that derive 50% or more of annual revenues from selling consumers’ personal information

CCPA exempt businesses include HIPAA-compliant health insurers and providers, certain financial institutions, and credit reporting agencies.

The expected fine per unintentional and intentional violation is $2,500 and $7,500, respectively. Fines make sense, but I hope that the California Department of Justice can establish clear reporting and audit requirements to enforce these new regulations.



Text and figures are licensed under Creative Commons Attribution CC BY 4.0. The figures that have been reused from other sources don't fall under this license and can be recognized by a note in their caption: "Figure from ...".


For attribution, please cite this work as

Orraca (2020, Jan. 4). Javier Orraca: California Consumer Privacy Act. Retrieved from

BibTeX citation

  author = {Orraca, Javier},
  title = {Javier Orraca: California Consumer Privacy Act},
  url = {},
  year = {2020}