Skip to Main Content.

The CCPA can apply to businesses located outside California that collect or sell personal information of California residents.  Businesses that violate the CCPA can face civil penalties in actions brought by the California Attorney General ranging from $2,500 for each non-intentional violation and up to $7,500 for each intentional violation. In addition, in some cases California consumers may be authorized to bring individual or class action lawsuits against violators.

Download our CCPA checklist PDF to start to get an understanding of what is involved in CCPA compliance.

For these reasons, businesses caught up in the CCPA should understand their CCPA obligations and make a plan to bring their businesses into compliance by 2020. We have created a list of steps to help with the process. They include:

  • Locate, map and inventory personal information of California consumers that the business collects or sells
  • Review and update required disclosers, including privacy notices and web pages
  • Create processes to fulfill a request from California consumers to exercise their CCPA rights and respond to alleged violations
  • Review and update third-party agreements
  • Review and implement security practices and procedures
  • After CCPA’s effective date, respond to California consumer’s verified request
  • Comply with sales opt-out and opt-in requests from California consumers
  • Do not discriminate against California consumers who exercise their CCPA rights
  • Conduct employee training

For questions and assistance regarding this topic, please feel free to contact any member of our Privacy and Data Security Team.


This is one of a series of alerts related to the California Consumer Privacy Protection Act. Click to read our CCPA flowchart and FAQ.