CCPA / CPRA (California Consumer Privacy Act / Privacy Rights Act)
Definition
California state privacy law (CCPA 2018, expanded by CPRA 2020 effective 2023) granting California residents rights over their personal information: access, deletion, correction, opt-out of sale/sharing, and opt-out of automated decision-making. For IDM/IAM: requires consent management, identity verification before fulfilling consumer rights requests (CRR), audit logs of access to PI, and contractual terms with service providers.
Synonyms
- California Consumer Privacy Act
- California Privacy Rights Act

Application
Affects any business serving California residents with 100k+ records or $25M+ annual revenue. IDM impact: identity-proof requesters before responding to a CRR; run automated workflows for deletion across all systems; maintain data mapping to know where California-resident PI lives. Comparable to GDPR Articles 12-22.

Sources
- California Office of the Attorney General — CCPA primary source
- California Privacy Protection Agency (regulator)

Related terms
- HITRUST CSF (Common Security Framework) (HITRUST)
  Healthcare-focused certifiable framework consolidating HIPAA, HITECH, NIST, ISO 27001, PCI DSS, GDPR, and 40+ other auth …
- CMMC (Cybersecurity Maturity Model Certification) (CMMC)
  US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- Consent
  Voluntary, specific, informed, unambiguous indication that a data subject agrees to processing of their personal data (G …
- CSA CCoP (Cybersecurity Code of Practice for CII, Singapore) (CSA CCoP)
  Singapore Cyber Security Agency's mandatory Code of Practice for Critical Information Infrastructure (CII) operators acr …
- ENISA (European Union Agency for Cybersecurity) (ENISA)
  EU agency providing cybersecurity guidance, threat intelligence, and certification schemes across member states. Coordin …
- EU CRA (Cyber Resilience Act) (CRA)
  EU regulation (Regulation (EU) 2024/2847; in force 10 Dec 2024) imposing cybersecurity requirements on products with dig …