CCPA Compliance

What is CCPA?
The CCPA or California Consumer Privacy Act gives California consumers new privacy rights such as the right to know what data businesses collect about them, to obtain a copy of that data, to request that it be deleted and to request that it not be sold. Here’s the official statute and the statute in a Google document where you can ask and answer questions.

How CCPA Toll Free Helps
The CCPA generally requires businesses subject to the law to (1) establish a toll-free number (a privacy hotline) and (2) to provide a Do Not Sell My Personal Information link / interactive web form, in each case to enable consumers to register their privacy preferences . We simplify compliance with this aspect of the law.

Looking for CCPA Resources?
If you’re looking for legal advice or to connect with other services providers we recommend, see our CCPA resources page.

Illustrated woman of color happy on mobile device setting privacy.

Follow Privacy Best Practices — In No Time!

Did you know more than ten states have bills pending that endorse or require toll-free hotlines and elements of the CCPA? There is no reason to limit your privacy hotline and privacy request manager web for to California consumers. Offer it to everyone before it’s required and differentiate your business as a privacy a leader. You can set up your hotline and interactive web form in minutes.

Guide to CCPA Compliance: 8 steps & solutions

Lean how businesses comply with the California Consumer Privacy Act (“CCPA”), including how to use CCPA compliance software and services to streamline your privacy operations. Here is a series of eight articles indexed below— updated as of December 2020 and based on the final CCPA law, as amended, and the latest final regulations promulgated by the California Attorney General.

  1. Personal Information—CCPA Right to Know, Delete and Do Not Sell Requests
  2. What is a Sale Under CCPA?
  3. What Contact Methods Must I Provide to Consumers Under CCPA?
  4. A Guide to Verifying Consumer Requests for CCPA
  5. Workflows for Responding to CCPA Requests
  6. How to Document and Audit CCPA Compliance
  7. CCPA vs. COPPA: Working with Children’s Information
  8. Privacy Rights Discrimination and Loyalty Programs

The Importance of Privacy Laws

The fourth amendment to the U.S. Constitution protects Americans from privacy intrusions by governments only, and does not constrain private businesses. Privacy laws like CCPA fill in that gap by applying to business entities that today have access to an enormous amount of personal data. That data can be used to unlock myriad conveniences for consumers, and if used unethically, it can also harm consumers (e.g., subjecting them to undue influence or putting their security at risk).

Privacy professionals must consider the implications of what data their business collects and how it is used. This is not only an ethical mandate, but one that is now enshrined in US law by the CCPA. 

Privacy is important as a freedom to be valued, just like the freedom of speech. Privacy impacts how people act and how they feel. This is obvious if you consider how people adapt their behavior if they know they are being monitored. The mark of a true privacy professional is someone who never forgets the importance of privacy as a form of freedom while she or he guides the businesses they serve to making productive uses of data that unlock great value for consumers. In other words, a true professional exercises good judgment in balancing the use of rich data with its associated risks. 

Does CCPA Apply to Me?

If you’ve read this far and are still wondering if the CCPA applies to your business, the answer is, “very likely yes, no matter where in the world you are located, if you do business at scale in California.” For the specific revenue and data collection thresholds that apply to determining whether or not CCPA applies, please see our FAQ on this topic

Free CCPA Training and CPE Credit 

The CCPA requires businesses not only to update their privacy policies but also to train their staff in privacy compliance. If you are a privacy professional in need of formal training, CCPA Toll Free offers a free, CPE eligible 30 minute video course and a training certificate at This CCPA Compliance series is adapted and condensed from the CCPA Free Training content (see all training slides, including image credits, here).  

The CCPA requires businesses to train all of their staff that either handle consumer privacy requests or who are responsible for implementing privacy policies and CCPA compliance. Most businesses focus their training efforts on the customer service teams who interact daily with consumers, the product managers who dictate what information a service will collect, and the marketing and other data stakeholders within an organization that exploit consumer data. For more information about CCPA training, see also our article in CPO Magazine

The articles in this CCPA compliance section both broadly and narrowly, concentrating on the first steps a business should take—implementing the most visible signs of privacy compliance—along with how to develop good privacy management processes.