
California Consumer Privacy Act
CCPA / CPRA Compliance
CCPA/CPRA applies to for-profit businesses that meet revenue or data volume thresholds and collect California residents' personal information. Non-compliance triggers civil penalties and a private right of action for data breaches. As more states adopt similar laws, building a scalable U.S. privacy program now saves significant rework later.
What we address
- Data inventory and personal information mapping
- Privacy notice updates and opt-out mechanisms (Do Not Sell / Do Not Share)
- Consumer rights request workflows (access, deletion, correction, portability)
- Sensitive personal information handling and opt-out procedures
- Service provider and contractor agreement review
- Data minimization and retention policy development
Our approach
- 1Personal information inventory and data flow mapping
- 2CCPA/CPRA gap assessment and remediation roadmap
- 3Privacy notice, opt-out, and consent management implementation
- 4Consumer rights request process design
- 5Multi-state privacy law readiness review (Virginia, Colorado, Texas, etc.)
Who needs this
For-profit businesses with annual gross revenue over $25M, or that buy/sell/receive personal data of 100,000+ consumers/households annually, or derive 50%+ of revenue from selling personal data — and that do business in California.
Start your CCPA assessmentNeed a broader program?
Many organizations must satisfy multiple frameworks simultaneously. We help you build a unified program that satisfies overlapping controls efficiently.
View all compliance servicesRelated frameworks