close
close
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image

Highlights: The Impact of CCPA

icon

Increases Privacy’s cost

In 2022, it cost businesses $648K per million identities to process Deletion and Access requests. This is an increase of $409K per million identities compared to 2021.

icon

Empowers Consumers to Opt Out of Data Sharing

34.7% of privacy requests in 2022 were people opting out of data selling and sharing. The CCPA makes it clear companies must honor opt-out requests from Californians.

icon

Protects Consumer & Employee Privacy

People have the right to access, delete, and rectify their data. They can also limit the use of their sensitive data and opt out of their data being sold or shared for advertising purposes.

icon

Increases Consumer Privacy Awareness & Number of Fines Companies May Receive

The CPPA was formed to enforce and interpret the CCPA. They have a $10 million annual budget to educate, make rules, and enforce those rules.

icon

Drives Data Minimization & Clear Data Usage Practices

The CCPA encourages sound data retention and minimization practices, and the CPPA has strong language around “dark patterns,” or manipulating people into giving consent.

icon

Encourages Tight Third-Party Vendor Management

Data sprawl across SaaS and company systems continues to rise, and manual data mapping exercises miss 50% of third-party SaaS apps. CCPA requires companies to keep close tabs on third-party vendors, contractors, and service providers.

icon

For a deeper look into some of these privacy request statistics, check out our Privacy Trends 2024 report

Privacy Request Volume Continues to Increase

Millions of Californians are exercising their data privacy rights thanks to the CCPA. People submitted 72% more data subject requests (DSRs) in 2022 than in 2021.

Privacy Requests per million chart

The CCPA timeline

  • Jan 2020
    timeline marker
    CCPA goes into effect
  • Jan 2021
    timeline marker
    CPRA made law and CPPA is established
  • Jan 2022
    timeline marker
    12-month lookback period for collected data commences
  • Jul 2022
    timeline marker
    CPPA commences process to update existing and adopt new regulations
  • Jan 2023
    timeline marker
    CPRA amendment becomes effective
  • Mar 2023
    timeline marker
    OAL approves CPPA’s proposed regulations
  • Jun 2023
    timeline marker
    CA Superior Court issues one-year delay for OAL-approved CPRA regulations from March 2023
  • Jul 2023
    timeline marker
    CPRA statute becomes enforceable by the CPPA

The Basics: CCPA, CPRA, and CPPA

Privacy is complex, and so are the acronyms.

CPRA amended the CCPA with enhanced privacy protections for Californians upon passage in 2020. At the beginning of 2023, the CPRA amendment became effective, and in March 2023, California’s Office of Administrative Law (OAL) approved the updated regulations put forth by the CPPA.

The CPPA (“the Agency,” for clarity’s sake) is a regulatory body with full administrative power to interpret the provisions of the CCPA and enforce prescribed sanctions and penalties for violations. The Agency is initially operating with an annual budget of $10 million to hire staff, enforce the law, and drive awareness.

The Agency has four primary functions:

  • Education: Promote public awareness around data privacy
  • Rulemaking: Issue new rules or update existing ones
  • Enforcement: Investigate violations, impose necessary fines, and go to court in a civil action to recover unpaid fines
  • Certification: Accredit organizations falling outside the scope of the CCPA that still wish to certify their privacy programs