Chapter 1: Introduction to the Guide

The California Consumer Privacy Act of 2018 (CCPA) is changing the way businesses collect and use consumer data. In fact, it seeks to change the nature of the relationship between businesses and consumers by introducing a new set of privacy protections and rights.

The CCPA aims to protect California residents, but it affects businesses across the world. For many of those businesses, complying with the law will require a significant change to their current privacy practices.

This guide is meant to help executives, managers, and other business leaders understand their new obligations under the CCPA and how to become compliant. It explains the major ideas that businesses should know without overwhelming them with every small detail of the law. You will find helpful links to more detailed information throughout the guide.

CCPA 2.0

In November 2020, voters approved the California Privacy Rights Acts (CPRA), sometimes called CCPA 2.0. The CPRA makes a number of significant changes to the CCPA, many of which are meant to strengthen enforcement and provide clarification of the original law.

Most of the changes go into effect on January 1, 2023, but this can be a little misleading. The CPRA contains a 12-month “look back” provision, meaning it applies to personal data collected as early as January 1, 2022. Businesses will need to begin planning their compliance well in advance of the 2023 effective date.

To help businesses start preparing for the new rules, this guide includes discussions of the major changes included in the CPRA. These are typically included at the bottom of any relevant section of the guide, under the heading: “Upcoming Changes to the Law.” There are also two new sections under “Consumer Rights” for the right to correct inaccurate information and the right to limit use and disclosure of sensitive personal information, though they do not go into effect until 2023.