United States California Consumer Privacy Act (CCPA)

Although there’s no single federal-level legislation for data privacy, data collection, processing, or transfer in the U.S., CCPA is a widely recognized compliance standard that safeguards customer privacy. Similar to the European Union’s GDPR, CCPA gives consumers control over their personal information. There are hundreds of laws at both the federal and state level designed to protect the data of U.S. citizens. The Federal Trade Commission Act protects U.S. citizens from unfair or deceptive practices and enforces federal privacy and data protection regulations.

Key Facts About Data Privacy in the U.S.

  • Forty-seven U.S. states have no consumer data privacy laws; however, bills are pending in 16 states, and six states have study committees or task forces.
  • Only four states have enacted comprehensive consumer data privacy laws: California, Colorado, Utah, and Virginia.
  • There are many industry-specific laws, such as HIPAA for healthcare, PCI for credit cards, and the Gramm-Leach-Bliley Act for banking.
  • Since its enactment in 2018, companies that are close to or have reached compliance with GDPR have fewer data breaches and lower overall costs per breach than companies that aren’t. (Source: Cisco)

About CCPA and CPRA

CCPA, which went into effect June 2018, was the first major legislation that focused on consumer privacy rights and data protection. It’s one of the most stringent privacy laws of any state. The framework provides a set of regulatory standards for the collection and sale of personal data. CCPA gives consumers the power to either consent to data collection or not, as well as request deletion of information. It also introduced new obligations for businesses to disclose information about data collection and protections, and gives consumers the right to opt out of having their information sold.

Proposition 24, more commonly known as the California Privacy Rights Act (CPRA), went into effect December 2020. CPRA is also referred to as CCPA 2.0, since it’s a significant upgrade. CPRA doesn’t completely replace CCPA; it amends existing CCPA provisions and adds new provisions to better safeguard the privacy of data subjects. CCPA and CPRA do not apply to non-profit organizations or government agencies.

Key Rights Under CCPA and CPRA

  • Data subjects must have adequate knowledge of what personal information is being collected and how the organizations intend to use it.
  • Individuals have the right to know who is collecting their personal data and why. At any point, individuals can request the disclosure of data.
  • The framework gives the right to delete personal data collected from consumers.
  • Consumers have the right to opt out of, as well as opt in to, the sale of personal data.
  • Individuals have the right to initiate a private course of action for data breaches.
  • CPRA gives individuals the right to rectify inaccurate personal information.
  • CPRA gives individuals the right to limit the use and disclosure of sensitive personal data.

The information on this page is provided for educational purposes only and should not be confused with or construed as Annex Cloud’s compliance capabilities or scope. Learn more about Annex Cloud’s enterprise-ready solution, including security, privacy and compliance.

©2021 All Rights Reserved. AnnexCloud