Skip to main content
  • Foundation
  • Executive network
  • CEO Circle
  • Enterprise Solutions
  • Linkage Logo
  • Store
  • Sign In
  • Account
    • My Account
    • Logout
    • Global
    • India
    • MENA
SHRM
About
Book a Speaker
Join Today
Renew
Rejoin Now
Renew
  • Membership
  • Certification
    Certification

    Smiling asian student studying in library with laptop books doing online research for coursework, making notes for essay homework assignment, online education e-learning concept
    Get Certified!

    Be recognized as an HR leader with your SHRM-CP or SHRM-SCP credential.

    • How to Get Certified

      Demonstrate your ability to apply HR principles to real-life situations. No other HR certification compares.

      • How to Get Certified
      • Eligibility Criteria
      • Exam Details and Fees
      • SHRM-CP
      • SHRM-SCP
      • Which Certification is Best for Me
      • Certification FAQs
    • Prepare for the Exam

      Give yourself the best chance to pass your SHRM certification exam.

      • Exam Preparation
      • SHRM BASK
      • SHRM Learning System
      • Instructor-Led Learning
      • Self-Study
      • Study Aids & Add-ons
    • Recertification

      Recertify your SHRM Credentials before your end date!

      • Specialty Credentials
      • Qualifications
  • Topics & Tools
    Topics & Tools

    Stay up to date with workplace news and leverage our vast library of resources to streamline day-to-day HR tasks.

    The white house in washington, dc.
    Executive Order Impact Zone

    Do not abandon, but evaluate and evolve. It is about legal, equal opportunity for all.

    • News & Trends

      Follow breaking news and emerging workplace trends.

      Legal & Compliance

      Stay informed on workplace legal updates and their impacts.

      From the Workplace

      Explore diverse perspectives from your peers on today's workplaces.

      Flagships

      Get curated collections of podcasts, videos, articles, and more produced by SHRM.

    • HR Topics
      • AI in the Workplace
      • Civility at Work
      • Compensation & Benefits
      • Inclusion & Diversity
      • Talent Acquisition
      • Workplace Technology
      • Workplace Violence Prevention
      SEE ALL
      SHRM Research
    • Tools & Samples

      Access member resources and tools to streamline HR tasks.

      • Forms & Checklists
      • How-To Guides
      • Interactive Tools
      • Job Descriptions
      • Policies
      • Toolkits
      SEE ALL
      Ask an Advisor
  • Events & Education
    Events & Education

    SHRM25 in San Diego, June 29 - July 2, 2025
    Join us for SHRM25 in San Diego

    Register for the World’s Largest HR Conference being held on June 29 - July 2, 2025

    • Events
      • SHRM25
      • The AI+HI Project 2025
      • INCLUSION 2025
      • Talent 2026
      • Linkage Institute 2025
      SEE ALL
      Webinars
    • Educational Programs

      Designed and delivered by HR experts to empower you with the knowledge and tools you need to drive lasting change in the workplace.

      Specialty Credentials

      Demonstrate targeted competence and enhance credibility among peers and employers.

      Qualifications

      Gain a deeper understanding and develop critical skills.

    • Team Training & Development

      Customized training programs unique to your organization’s needs.

  • Business Solutions
  • Advocacy
    Advocacy

    Make your voice heard on public policy issues impacting the workplace.

    Advocacy
    SHRM's President & CEO testifies to Congress on "The State of American Education"
    • Policy Areas
      • Workforce Development
      • Workplace Inclusion
      • Workplace Flexibility & Leave
      • Workplace Governance
      • Workplace Health Care
      • Workplace Immigration
      State Affairs

      SHRM advances policy solutions in state legislatures nationwide.

      Global Policy

      SHRM is the go-to for global HR leaders and businesses on workplace matters.

    • Advocacy Team (A-Team)

      SHRM’s A-Team is a key member benefit, giving you the tools, insights, and opportunities to shape workplace policy and drive real impact.

      Take Action

      Urge lawmakers to support policies that create lasting, positive change.

      Advocacy & Legislative Resources

      Access SHRM’s curated policy materials and content.

    • SHRM-Led Coalitions
      • Generation Cares
      • The Section 127 Coalition
      • Learn More & Partner with SHRM Government Affairs
  • Community
    Community

    Woman raising hand in group
    Find a SHRM Chapter

    Easily find a local professional or student chapter in your area.

    • Chapters

      Find local connections from over 607 chapters and state councils and create your personalized HR network.

      SHRM Connect

      Post polls, get crowdsourced answers to your questions and network with other HR professionals online.

      SHRM Northern California

      Join SHRM members in the greater San Francisco Bay area for local events and networking.

    • Membership Councils

      Learn about SHRM's five regional councils and the Membership Advisory Council (MAC).

      • Membership Advisory Council
      • Regional Councils
    • Volunteers

      Learn about volunteer opportunities with SHRM.

      • Volunteer Leader Resource Center
Close
  • Membership
  • Certification
    back
    Certification
    Smiling asian student studying in library with laptop books doing online research for coursework, making notes for essay homework assignment, online education e-learning concept
    Get Certified!

    Be recognized as an HR leader with your SHRM-CP or SHRM-SCP credential.

    • How to Get Certified

      Demonstrate your ability to apply HR principles to real-life situations. No other HR certification compares.

      • How to Get Certified
      • Eligibility Criteria
      • Exam Details and Fees
      • SHRM-CP
      • SHRM-SCP
      • Which Certification is Best for Me
      • Certification FAQs
    • Prepare for the Exam

      Give yourself the best chance to pass your SHRM certification exam.

      • Exam Preparation
      • SHRM BASK
      • SHRM Learning System
      • Instructor-Led Learning
      • Self-Study
      • Study Aids & Add-ons
    • Recertification

      Recertify your SHRM Credentials before your end date!

      • Specialty Credentials
      • Qualifications
  • Topics & Tools
    back
    Topics & Tools

    Stay up to date with workplace news and leverage our vast library of resources to streamline day-to-day HR tasks.

    The white house in washington, dc.
    Executive Order Impact Zone

    Do not abandon, but evaluate and evolve. It is about legal, equal opportunity for all.

    • News & Trends

      Follow breaking news and emerging workplace trends.

      Legal & Compliance

      Stay informed on workplace legal updates and their impacts.

      From the Workplace

      Explore diverse perspectives from your peers on today's workplaces.

      Flagships

      Get curated collections of podcasts, videos, articles, and more produced by SHRM.

    • HR Topics
      • AI in the Workplace
      • Civility at Work
      • Compensation & Benefits
      • Inclusion & Diversity
      • Talent Acquisition
      • Workplace Technology
      • Workplace Violence Prevention
      SEE ALL
      SHRM Research
    • Tools & Samples

      Access member resources and tools to streamline HR tasks.

      • Forms & Checklists
      • How-To Guides
      • Interactive Tools
      • Job Descriptions
      • Policies
      • Toolkits
      SEE ALL
      Ask an Advisor
  • Events & Education
    back
    Events & Education
    SHRM25 in San Diego, June 29 - July 2, 2025
    Join us for SHRM25 in San Diego

    Register for the World’s Largest HR Conference being held on June 29 - July 2, 2025

    • Events
      • SHRM25
      • The AI+HI Project 2025
      • INCLUSION 2025
      • Talent 2026
      • Linkage Institute 2025
      SEE ALL
      Webinars
    • Educational Programs

      Designed and delivered by HR experts to empower you with the knowledge and tools you need to drive lasting change in the workplace.

      Specialty Credentials

      Demonstrate targeted competence and enhance credibility among peers and employers.

      Qualifications

      Gain a deeper understanding and develop critical skills.

    • Team Training & Development

      Customized training programs unique to your organization’s needs.

  • Business Solutions
  • Advocacy
    back
    Advocacy

    Make your voice heard on public policy issues impacting the workplace.

    Advocacy
    SHRM's President & CEO testifies to Congress on "The State of American Education"
    • Policy Areas
      • Workforce Development
      • Workplace Inclusion
      • Workplace Flexibility & Leave
      • Workplace Governance
      • Workplace Health Care
      • Workplace Immigration
      State Affairs

      SHRM advances policy solutions in state legislatures nationwide.

      Global Policy

      SHRM is the go-to for global HR leaders and businesses on workplace matters.

    • Advocacy Team (A-Team)

      SHRM’s A-Team is a key member benefit, giving you the tools, insights, and opportunities to shape workplace policy and drive real impact.

      Take Action

      Urge lawmakers to support policies that create lasting, positive change.

      Advocacy & Legislative Resources

      Access SHRM’s curated policy materials and content.

    • SHRM-Led Coalitions
      • Generation Cares
      • The Section 127 Coalition
      • Learn More & Partner with SHRM Government Affairs
  • Community
    back
    Community
    Woman raising hand in group
    Find a SHRM Chapter

    Easily find a local professional or student chapter in your area.

    • Chapters

      Find local connections from over 607 chapters and state councils and create your personalized HR network.

      SHRM Connect

      Post polls, get crowdsourced answers to your questions and network with other HR professionals online.

      SHRM Northern California

      Join SHRM members in the greater San Francisco Bay area for local events and networking.

    • Membership Councils

      Learn about SHRM's five regional councils and the Membership Advisory Council (MAC).

      • Membership Advisory Council
      • Regional Councils
    • Volunteers

      Learn about volunteer opportunities with SHRM.

      • Volunteer Leader Resource Center
Join Today
Renew
Rejoin Now
Renew
  • Store
    • Global
    • India
    • MENA
  • About
  • Book a Speaker
  • Foundation
  • Executive network
  • CEO Circle
  • Enterprise Solutions
  • Linkage Logo
SHRM
Sign In
  • Account
    • My Account
    • Logout
Close

  1. Topics & Tools
  2. Workplace News & Trends
  3. California Consumer Privacy Act—What Does Your Business Need to Know?
Share
  • Linked In
  • Facebook
  • Twitter
  • Email

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.


Error message details.

Copy button
Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.


Learn More
News

California Consumer Privacy Act—What Does Your Business Need to Know?

January 14, 2020 | Linn Foster Freedman and Deborah A. George

A california flag flies in front of the capitol building.


​After much anticipation and trepidation, the California Consumer Privacy Act (CCPA) went into effect on Jan. 1, 2020. Many companies are understandably still grappling with the details of the law, the amendments and the proposed regulations and how to comply with them.

If you have not determined whether the CCPA applies to your company, and if it does, the measures you need to take to comply with its requirements, now is the time. Ignoring it is not the answer or the right strategy

The CCPA is a consumer-directed law that empowers California consumers to learn how a business stores, retains and uses their personal information (PI). The CCPA gives consumers certain rights about the PI that businesses collect about them. The rights of consumers and the obligations of the businesses are intertwined in this law. On one side are the consumers' rights to know what personal information a business collects; on the other, businesses will need to be transparent with consumers about the personal information they collect and how they use it.

Who Does CCPA Apply?

The CCPA applies to California residents. The CCPA applies to for-profit businesses that do business in California and meet any of the following three criteria: (1) annual gross revenue in excess of $25 million; (2) annual purchases, receipt or sales of the PI of 50,000 or more California residents; or (3) companies that derive 50 percent or more of annual revenue from selling consumers' PI.

A key fact to note from this definition is that the CCPA applies to any business that "does business in the State of California" as described above and not just businesses residing or incorporated in California.

What is Exempt from the CCPA?

The CCPA does not apply to: commercial conduct "wholly outside" of California and de-identified or aggregate consumer information. There also are certain other exemptions, such as data covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the Gramm-Leach-Bliley Act (GLBA). This means that if PI is already regulated by another federal law such as HIPAA or GLBA, or a state law such as California's Confidentiality of Medical Information Act, then it is outside the scope of the CCPA.

Nonprofit entities are exempt from the CCPA.

Rights of Consumers Regarding Their Personal Information

CCPA grants consumers the following rights:

  • The right to ask companies to identify the categories of personal information they collected on the consumer and whether a business is collecting or selling/disclosing their personal information.
  • The right to demand that personal data not be sold or shared for business purposes.
  • The right to sue companies that violate the law or that experience data breaches.
  • The right to access and download their personal information in a transferrable way.
  • The right to opt-out of the sale of their personal information.
  • The right to request deletion of their personal information.
  • The right not to be discriminated against.
  • The right to opt-in for children; i.e., that a business may not sell children's information (if the child is under age 13) without an affirmative opt-in from a parent or guardian. For children between the ages of 13-16, the child may provide that opt-in consent.

What Is Personal Information Under the CCPA?

CCPA defines "personal information" to include the following categories of non-public information that identifies, relates to, describes, and includes information that is "reasonably" capable of being associated with a particular consumer or household:

  • Identifiers, such as name, address, IP address, email address, Social Security number, account name, driver's license number, passport number or other similar identifiers.
  • Characteristics of protected classifications, such as race, religion, sexual orientation.
  • Commercial information, such as records of purchases or consuming tendencies.
  • Biometric information.
  • Internet or other electronic network activity, such as browsing or search history, website interaction.
  • Geolocation data.
  • Professional or employment-related info.
  • Education data.

The CCPA gives consumers the right to opt-out of the sale of personal information. This right does not extend to the disclosure (as opposed to sale) of personal information to third parties. Additionally, CCPA permits, under certain circumstances, businesses to offer financial incentives to consumers in exchange for permitting the sale of their personal information.

Note that for consumers under the age of 16, affirmative consent (opt-in) is required for the sale of personal information.

Consumer Rights Mean Corresponding Business Obligations and Requirements

Businesses must have a process by which they respond to verifiable consumer requests.

Upon receipt of a verifiable request of the consumer, a business must inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.

A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, free of charge to the consumer, the personal information requested and required to be delivered by law.

The consumer's personal information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance.

A business shall, in a form that is reasonably accessible to consumers, (1) make available to consumers two or more designated methods for submitting requests for information required to be disclosed, including, at a minimum, a toll-free telephone number, and if the business maintains an Internet website, a website address as well. Businesses that operate exclusively online and have a relationship with consumers will be exempt from the requirement to have a toll-free number. (Note that for businesses that operate exclusively online, an Internet website will be sufficient.); and (2) disclose and deliver the required information to a consumer free of charge within 45 days of receiving a verifiable request from the consumer.

A business must have a CCPA-compliant website privacy policy and include notice to consumers, at or before the point of collection; of the categories of personal information to be collected and the purposes for which the categories of information shall be used; of their rights under the CCPA; and for businesses that sell personal information, a link in the privacy policy and on the website homepage that consumers may click on that states: "Do Not Sell My Personal Information." This is known as an opt-out process.

A business must:

  • Implement and maintain reasonable security procedures and practices.
  • Provide staff training to ensure that consumer responses are handled according to the law.
  • Not discriminate against consumers for exercising their rights under the CCPA.
  • Implement a deletion process for consumers who request to have their personal information deleted.
  • Implement a process to comply with the look back requirement, which stipulates that when a consumer makes a verifiable request for access to their personal information, organizations must provide records covering the 12-month period preceding the date of the request.

A business is recommended to maintain a process to respond to consumer notifications of a lawsuit under CCPA, as consumers are required to provide the business with 30 days' advance written notice and an opportunity to cure.

What Happens If a Business Doesn't Comply?

Consumers may file a lawsuit if a business fails to "implement and maintain reasonable security procedures and practices" which resulted in a data breach.

The CCPA creates this private right of action by California residents in connection with data breaches resulting in the "exfiltration, theft, or disclosure" of non-encrypted or non-redacted personal information, and provides for statutory damages of $100 to $750 per incident.

Prior to bringing suit, consumers are required to provide the business with 30 days advance written notice and an opportunity to cure.

This creates the potential for statutory damages and class action lawsuits.

The California attorney general may also bring enforcement actions for a business' failure to comply with the CCPA. The attorney general can impose a penalty of up to $2,500 for each violation or $7,500 for each intentional violation. Enforcement of the CCPA by the attorney general will commence on July 1, 2020.

Planning Points and Next Steps

The first step in the planning process is to determine whether your business must comply with the CCPA. Planning points include updating website privacy policies so they are CCPA-compliant; determining whether the business is selling personal information; developing a process to respond to verifiable consumer requests; developing a process to respond to requests for deletion/opt-out, and opt-in processes for those under 16 years of age; implementing staff training; and understanding the CCPA's nondiscrimination requirements. Other important areas to consider include maintaining a CCPA-compliant vendor management program; continuing to implement and maintain best practices for data security; confirming records retention policies; and finally, reviewing cyber-liability insurance policies for coverage for CCPA-related breaches and enforcement actions.

Linn Foster Freedman is a partner and Deborah George is counsel in the Providence, R.I., office of law firm Robinson & Cole LLP (Robinson+Cole). © 2020 Robinson & Cole LLP. All rights reserved. Republished from the Data Privacy + Cybersecurity Insider blog with permission.

Employment Law & Compliance
Risk Management
Technology
Workplace Security

Artificial Intelligence in the Workplace

​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.



Related Content

Kelly Dobbs Bunting speaks onstage at SHRM24
(opens in a new tab)
News
Why AI+HI Is Essential to Compliance

HR must always include human intelligence and oversight of AI in decision-making in hiring and firing, a legal expert said at SHRM24. She added that HR can ensure compliance by meeting the strictest AI standards, which will be in Colorado’s upcoming AI law.

(opens in a new tab)
News
A 4-Day Workweek? AI-Fueled Efficiencies Could Make It Happen

The proliferation of artificial intelligence in the workplace, and the ensuing expected increase in productivity and efficiency, could help usher in the four-day workweek, some experts predict.

(opens in a new tab)
News
How One Company Uses Digital Tools to Boost Employee Well-Being

Learn how Marsh McLennan successfully boosts staff well-being with digital tools, improving productivity and work satisfaction for more than 20,000 employees.

HR Daily Newsletter

Stay up to date with the latest HR news, trends, and expert advice each business day.

Success title

Success caption

Manage Subscriptions
  • About SHRM
  • Careers at SHRM
  • Press Room
  • Contact SHRM
  • Book a SHRM Executive Speaker
  • Advertise with Us
  • Partner with Us
  • Copyright & Permissions
  • Post a Job
  • Find an HR Job
Follow Us
  • LinkedIn
  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • SHRM Newsletters
  • Ask An Advisor

© 2025 SHRM. All Rights Reserved

SHRM provides content as a service to its readers and members. It does not offer legal advice, and cannot guarantee the accuracy or suitability of its content for a particular purpose. Disclaimer


  1. Privacy Policy

  2. Terms of Use

  3. Accessibility

Join SHRM for Exclusive Access to Member Content

SHRM Members enjoy unlimited access to articles and exclusive member resources.

Already a member?
Free Article
Limit Reached

Get unlimited access to articles and member-exclusive resources.

You've reached the limit of 1 free article this month. Join to access unlimited articles and member-only resources.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join the Executive Network and enjoy unlimited content.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join and enjoy unlimited access to SHRM Executive Network Content.

Already a member?
Unlock Your Career with SHRM Membership

Please enjoy this free resource! Join SHRM for unlimited access to exclusive articles and tools.

Already a member?

Your membership is almost expired! Renew today for unlimited access to member content.

Renew now

Your membership has expired. Renew today for unlimited access to member content.

Renew Now

Your Executive Network membership is nearing its expiration. Renew now to maintain access.

Renew Now

Your membership has expired. Renew your Executive Network benefits today.

Renew Now