CCPA Compliance
California Consumer Privacy Act
TRIAS enables businesses to achieve comprehensive CCPA compliance for protecting California residents' personal information. Implement required safeguards, honor consumer rights (access, deletion, opt-out), maintain detailed records, and avoid penalties up to $7,500 per intentional violation.
Per intentional violation
Automated workflows
All consumer rights
Prevent data breaches
CCPA Requirements
Key obligations for businesses processing California data
Consumer Right to Know
Disclose categories of personal information collected, sources, purposes. Provide access to specific data upon request.
Consumer Right to Delete
Delete consumer personal information upon verified request. Notify service providers to delete data.
Right to Opt-Out of Sale
Provide clear "Do Not Sell My Personal Information" link. Honor opt-out requests within 15 days.
Non-Discrimination
Cannot deny goods/services, charge different prices, or provide different quality for exercising CCPA rights.
Service Provider Requirements
Contracts with service providers must restrict use of personal information. Certify compliance with restrictions.
Data Security Obligations
Implement reasonable security procedures. Protect personal information from unauthorized access, destruction, use, modification.
TRIAS for CCPA Compliance
Complete controls for California privacy law
Personal Information Discovery
Automatically discover and classify California residents' personal information. Maintain comprehensive data inventory.
Consumer Rights Automation
Automated workflows for access, deletion, opt-out requests. Verify consumer identity, locate data, execute requests within statutory timeframes.
Sale Tracking & Opt-Out
Monitor data transfers to third parties. Track "sales" of personal information. Implement opt-out preferences across systems.
Compliance Documentation
Maintain records of data processing activities, consumer requests, opt-outs. Generate audit-ready compliance reports.
CCPA Consumer Rights
Rights granted to California residents
Right to Know
Categories and specific pieces of personal information collected. Sources, business purposes, third parties with whom shared.
Right to Delete
Request deletion of personal information. Business must delete and direct service providers to delete.
Right to Opt-Out
Opt-out of sale of personal information. Must honor within 15 business days. No opt-in for 12 months.
Right to Non-Discrimination
Equal service and pricing regardless of exercising CCPA rights. Financial incentives allowed if reasonably related.
Right to Correct (CPRA)
Request correction of inaccurate personal information. Effective 2023 under California Privacy Rights Act.
Right to Limit Use (CPRA)
Limit use and disclosure of sensitive personal information. Applies to SSN, financial, health, biometric data.
CCPA Personal Information Categories
Defined categories under California law
Identifiers
Real name, alias, postal address, email, IP address, account name, SSN, driver's license, passport.
Commercial Information
Purchase history, products/services obtained, purchasing tendencies, consumer profiles.
Biometric Information
Fingerprints, faceprints, voiceprints, iris/retina scans, keystroke patterns, gait patterns.
Internet Activity
Browsing history, search history, interaction with websites/apps/ads, cookies, beacons.
Geolocation Data
Physical location, movements, GPS coordinates, device location, travel patterns.
Sensory Information
Audio, electronic, visual, thermal, olfactory information, call recordings, photos, videos.
Professional Information
Employment history, performance evaluations, disciplinary records, current employer.
Education Information
Records maintained by educational institutions, grades, transcripts, degrees, disciplinary records.
Sale vs. Sharing Under CCPA
Understanding disclosure obligations
Sale of Personal Information
Selling, renting, releasing, disclosing, transferring for monetary or valuable consideration. Requires opt-out.
Sharing for Cross-Context Ads
Sharing personal information for cross-context behavioral advertising. Treated like sale under CPRA.
Exemptions from Sale
Disclosures to service providers, required by law, mergers/acquisitions, consumer-directed transfers.
Service Provider Contracts
Written contracts prohibiting selling, retaining, using for purposes outside business relationship.
CCPA Applicability Thresholds
Who must comply with CCPA
Annual Revenue Threshold
Annual gross revenue exceeds $25 million. Applies to for-profit entities doing business in California.
Data Volume Threshold
Annually buy, sell, share personal information of 100,000+ California consumers or households.
Revenue from Sale Threshold
Derive 50% or more of annual revenue from selling or sharing California consumers' personal information.
Meet Any Threshold
Meeting any one of the three thresholds triggers CCPA compliance obligations for the business.
CCPA Penalties & Enforcement
Consequences of non-compliance
Intentional Violations
Knowing and intentional violations. Attorney General enforcement actions. Per-consumer, per-violation basis.
Unintentional Violations
Violations not intentional. 30-day cure period if notified by AG. Must cure to avoid penalties.
Data Breach Statutory Damages
Private right of action for data breaches. Class action lawsuits. Actual damages or statutory amount.
CPRA Enhanced Enforcement
Dedicated enforcement agency. Rulemaking authority. Administrative fines. Broader investigative powers.
CCPA Compliance Use Cases
E-Commerce & Retail
Protect customer purchase history, browsing data, payment information. Honor opt-out requests for targeted advertising.
SaaS & Technology
Protect user account data, usage analytics, device information. Process deletion requests across backup systems.
Marketing & Advertising
Track data sales to third parties. Implement opt-out for behavioral advertising. Maintain records of data sharing.
Healthcare & Finance
CCPA applies alongside HIPAA, GLBA. Protect California residents' sensitive data with enhanced security.
Achieve CCPA Compliance
Protect California residents' privacy and honor consumer rights