CCPA Compliance
The first state privacy law passed in the US, the California Consumer Privacy Act (CCPA) took effect in 2023. Failing to comply with the laws exposes businesses to financial risk. The state Attorney General can issue fines of up to $7500 per violation. Sephora was hit with a $1.2m settlement for CCPA violations. The CCPA includes a private right of action for data breaches, allowing consumers to file civil suits and opening the door for class action lawsuits.
For businesses, the CCPA added complexity to privacy regulation compliance. CompliancePoint’s team of privacy and technology experts understand the CCPA and its impact on your business. We will work with you to implement controls that ensure CCPA compliance while minimizing interruptions to day-to-day operations. Our services are customizable, so you can craft a package that focuses on your pain points and high-priority tasks while staying within your budget.
Our engagements often include a combination of the following services:
Identify
Assess + Audit
Our assessment and audit services assist you with anything from a roadmap for CCPA compliance to testing the controls you built to comply. Rest easy knowing that your program has been reviewed by experts.
Mitigate
Program Design + Implementation
Our consulting services assist you with designing and implementing a custom CCPA privacy program that fits your business’s budget, appetite for risk, and industry risk.
Manage
Program Management
Our consultants maintain the accuracy and relevancy of your CCPA privacy program and perform regular audits to ensure it is performing as it was designed to perform.
Does your organization have a formal process in place to honor consumer privacy rights under the CCPA? Take our CCPA Readiness Self-Assessment to determine your organization's CCPA compliance posture.
Our Focus
Our CCPA services are focused on helping organizations achieve and maintain compliance with the law. CompliancePoint will work with you to design and implement a privacy program that satisfies all requirements in the CCPA.
Privacy Notices
Data Processing
Privacy Impact Assessments
Vendor Management
Opt-out Management
Information Security
Breach Notification
Consumer Rights
Privacy by Design
Data Minimization
Our Benefits
Objective & knowledgeable assessments
Proven techniques and strategies
Cost savings
Target high-priority tasks
Access to cutting-edge tools & technology
No turnover
Education & awareness
Program benchmarking
Objective & knowledgeable assessments
Proven techniques and strategies
Cost savings
Target high-priority tasks
Access to cutting-edge tools & technology
No turnover
Education & awareness
Program benchmarking
Let's get you started with CCPA Compliance
Learn More About the CCPA
Any business, regardless of location, must comply with the CCPA if they meet the following criteria:
• Has annual revenue of $25 million or more
• Controls or possesses the data of 100,000 or more California residents
• Derives 50% or more of its revenue from the sale of personal data
The CCPA requires companies to provide notices to California consumers that disclose what personal information is collected, the purpose for collection, and selling and sharing practices. Further, the law provides rights to consumers including the ability to opt out of the selling of their data, as well as:
• The right to know what personal information is collected
• The right to know whether their personal information is sold or disclosed and to whom
• The right to access their personal information
• The right to request the deletion of their personal information
• The right to equal service and price, regardless if they exercise their privacy rights
Potential Risks
Fines + Enforcement
The California Attorney General has been vocal about enforcing the CCPA, and has the ability to levy stiff fines against businesses who violate the regulation. Penalties range from $2,500 to $7,500 per willful violation, and these can compound if an organization is unaware of a violation or is negligent in complying.
Private Right of Action
Plaintiffs can also seek between $100 and $750 per incident if a breach occurs. While limited to the breach provision under the CCPA, plaintiffs are testing the other aspects of the CCPA and whether the courts will award damages for other provisions under the CCPA.
Public Reputation + Consumer Trust
Consumer awareness surrounding how businesses are processing and handling their personal information is at an all-time high. Consumers are more likely to do business with companies they trust to protect their personal information and where processing activities are aligned with consumer expectations. The CCPA places the onus on businesses to comply and creates avenues for consumers and regulators to ensure that penalties ensue if businesses are not following the rules.
10 Billion+
Records Audited
150+
Cases as an
Expert Witness
2,500+
Companies Served
+86
Net Promoter Score - Our Customers Love Us!
