California Consumer Privacy Act (CCPA)

What is California Consumer Privacy Act (CCPA)?

CCPA sets privacy rights and compliance obligations for organizations handling California resident data. It requires disclosures about data use, consumer rights management, and safeguards around data sharing. In TPRM, it impacts vendor contracts, data inventories, and privacy reviews to ensure third parties meet rights request handling and data protection requirements.

FAQs

How does CCPA affect vendor risk reviews?

Organizations must confirm that vendors comply with CCPA requirements and process data within contractual limits.

Does CCPA require special clauses in vendor contracts?

Yes, contracts must restrict data use and address consumer rights obligations.

Is CCPA compliance required for non-California companies?

Yes, if they process personal data of California residents and meet applicability thresholds.