Highlights: The Impact of CCPA
Increases Privacy’s cost
In 2022, it cost businesses $648K per million identities to process Deletion and Access requests. This is an increase of $409K per million identities compared to 2021.
Empowers Consumers to Opt Out of Data Sharing
34.7% of privacy requests in 2022 were people opting out of data selling and sharing. The CCPA makes it clear companies must honor opt-out requests from Californians.
Protects Consumer & Employee Privacy
People have the right to access, delete, and rectify their data. They can also limit the use of their sensitive data and opt out of their data being sold or shared for advertising purposes.
Increases Consumer Privacy Awareness & Number of Fines Companies May Receive
The CPPA was formed to enforce and interpret the CCPA. They have a $10 million annual budget to educate, make rules, and enforce those rules.
Drives Data Minimization & Clear Data Usage Practices
The CCPA encourages sound data retention and minimization practices, and the CPPA has strong language around “dark patterns,” or manipulating people into giving consent.
Encourages Tight Third-Party Vendor Management
Data sprawl across SaaS and company systems continues to rise, and manual data mapping exercises miss 50% of third-party SaaS apps. CCPA requires companies to keep close tabs on third-party vendors, contractors, and service providers.
For a deeper look into some of these privacy request statistics, check out our Privacy Trends 2024 report
Privacy Request Volume Continues to Increase
Millions of Californians are exercising their data privacy rights thanks to the CCPA. People submitted 72% more data subject requests (DSRs) in 2022 than in 2021.
The CCPA timeline
-
Jan 2020
CCPA goes into effect -
Jan 2021
CPRA made law and CPPA is established -
Jan 2022
12-month lookback period for collected data commences -
Jul 2022
CPPA commences process to update existing and adopt new regulations -
Jan 2023
CPRA amendment becomes effective -
Mar 2023
OAL approves CPPA’s proposed regulations -
Jun 2023
CA Superior Court issues one-year delay for OAL-approved CPRA regulations from March 2023 -
Jul 2023
CPRA statute becomes enforceable by the CPPA
The Basics: CCPA, CPRA, and CPPA
CPRA amended the CCPA with enhanced privacy protections for Californians upon passage in 2020. At the beginning of 2023, the CPRA amendment became effective, and in March 2023, California’s Office of Administrative Law (OAL) approved the updated regulations put forth by the CPPA.
The CPPA (“the Agency,” for clarity’s sake) is a regulatory body with full administrative power to interpret the provisions of the CCPA and enforce prescribed sanctions and penalties for violations. The Agency is initially operating with an annual budget of $10 million to hire staff, enforce the law, and drive awareness.
The Agency has four primary functions:
- Education: Promote public awareness around data privacy
- Rulemaking: Issue new rules or update existing ones
- Enforcement: Investigate violations, impose necessary fines, and go to court in a civil action to recover unpaid fines
- Certification: Accredit organizations falling outside the scope of the CCPA that still wish to certify their privacy programs