
California

Privacy Law Status

Comprehensive Privacy Law

California operates under the California Consumer Privacy Act (CCPA), which became effective in January 2020, making it the first comprehensive state privacy law in the United States[1][2]. The law was significantly expanded by the California Privacy Rights Act (CPRA) in January 2023, which strengthened consumer protections and established the California Privacy Protection Agency to enforce compliance[1][3][2].

The combined CCPA/CPRA framework provides California residents with robust privacy rights comparable to Europe’s GDPR, including the ability to access, delete, and control the sale of their personal information[3]. The law applies to businesses regardless of their physical location if they collect data from California residents and meet specific revenue or data processing thresholds[4].

Legislative Activity

California continues to strengthen its privacy protections through ongoing legislation. In 2023, the legislature passed several key privacy bills, including AB 947 expanding sensitive personal information definitions, AB 1194 protecting reproductive health data, and the Delete Act requiring data brokers to provide easy deletion mechanisms[5].

Most recently in July 2025, the California Privacy Protection Agency voted to adopt new regulations covering automated decision-making technology, mandatory cybersecurity audits, and risk assessments, with these rules taking effect between 2025 and 2028[6][7]. The state’s Assembly Privacy and Consumer Protection Committee continues to review privacy-related legislation[8].

Implementation Timeline

California’s privacy law implementation has occurred in phases, with the original CCPA taking effect in January 2020, followed by CPRA enhancements in January 2023[1][2]. New regulations adopted in July 2025 will become effective on October 1, 2025, if approved by the Office of Administrative Law, or January 1, 2026 otherwise[6].

Looking ahead, businesses must prepare for automated decision-making rules by January 2027, cybersecurity audits for large firms, and full implementation of the Delete Act by August 2026[9]. These staggered deadlines reflect California’s approach of gradually expanding privacy protections while giving businesses time to achieve compliance.

Your Rights as a California Resident

California residents enjoy some of the strongest privacy rights in the United States under the CCPA and CPRA. These rights apply regardless of where the business collecting your data is located.

  • Right to know what data is collected – You can request businesses disclose what personal information they collect about you, how they use it, and who they share it with, up to twice per year free of charge[1]
  • Right to delete personal information – You can request that businesses delete personal information they’ve collected from you and instruct their service providers to do the same, subject to certain legal exceptions[1]
  • Right to opt out of data sales – You can direct businesses to stop selling or sharing your personal information, including through global privacy controls, and they cannot sell your data after receiving your request unless you later authorize it again[1]
  • Right to correct inaccurate data – You can ask businesses to fix incorrect information they have about you, a right added by the CPRA in 2023[1][10]
  • Right to limit sensitive information use – You can restrict how businesses use your sensitive personal information like social security numbers, financial data, precise location, or biometric information to only necessary business purposes[1][10]
  • Right to non-discrimination – Businesses cannot treat you differently, charge you more, or provide worse service because you exercise your privacy rights[1][2]

These rights can be exercised directly with businesses or through the California Privacy Protection Agency’s complaint process if businesses fail to respond appropriately.

Business Requirements

California’s privacy law creates specific obligations for businesses that collect personal information from state residents.

  • Coverage thresholds – Businesses must comply if they have annual gross revenue over $26.6 million, process data from 100,000+ California residents or households, or derive 50% or more revenue from selling personal information[11]
  • Transparency and notices – Companies must provide clear privacy policies, notices at data collection, opt-out mechanisms, and disclosures about automated decision-making[2][11]
  • Consumer request handling – Businesses must establish procedures to receive, verify, and respond to consumer rights requests within specified timeframes, including providing required information and honoring deletion or opt-out requests[2]
  • Security and risk management – Organizations must implement reasonable security practices, conduct formal risk assessments for high-risk processing, and, in the case of large companies, perform regular cybersecurity audits[2][9]
  • Data minimization and purpose limitation – Companies can only collect necessary personal information and must limit its use to disclosed purposes, with recent enforcement emphasizing these requirements[9]

Practical Impact

  • Daily life protection – California’s law gives you concrete tools to control your digital footprint, from stopping companies from selling your browsing data to retailers and advertisers to correcting errors in background check reports or credit files
  • Enforcement and violations – If your rights are violated, you can file complaints with the California Privacy Protection Agency, which investigates violations and can impose fines of $2,500 to $7,500 per violation[12][13]. For data breaches caused by poor security, you may also file private lawsuits seeking $107-$799 per incident[2][12]
  • Limitations and gaps – The law doesn’t cover all organizations (nonprofits and certain regulated industries are exempt), has exceptions for legitimate business needs, and enforcement can be slow. Private lawsuits are limited to specific data breach situations rather than all privacy violations[2][12]
  • Evolving protections – Recent updates address emerging technologies like AI decision-making and strengthen requirements for insurance companies and data brokers, though some protections won’t be fully implemented until 2026-2028[7][9]

Comparison Context

  • Leading privacy state status – California provides stronger privacy protections than most U.S. states, with comprehensive rights similar to European GDPR standards, while 19 other states have passed their own privacy laws with varying levels of protection[14][4]
  • Unique strengths – California is the only state that applies privacy protections to business-to-business contact data, has established a dedicated privacy enforcement agency, and requires businesses to limit sensitive information use rather than just allowing opt-outs[14]
  • Areas for improvement – Unlike some newer state laws, California still allows a 30-day “cure period” for violations before penalties apply, though this may change. Some other states provide broader private lawsuit rights or shorter response times for consumer requests[14]
  • National influence – California’s law has inspired privacy legislation in other states and continues to drive national discussions about federal privacy standards, with many companies adopting California-style practices nationwide to simplify compliance[4]

Action Steps for Residents

  • Exercise your rights proactively – Contact major companies that likely have your data (social media platforms, retailers, data brokers) to request information about what they’ve collected and opt out of data sales
  • Use available tools – Enable global privacy controls in your browsers, regularly review and update privacy settings on websites and apps, and take advantage of the upcoming Delete Act platform when it launches in 2026[15]
  • Report violations – If businesses ignore your requests or violate your rights, file complaints with the California Privacy Protection Agency, which uses these reports to guide enforcement actions and policy development[16]
  • Stay informed – Monitor updates from the CPPA and legislature as new regulations take effect through 2028, and consider participating in public comment periods for proposed privacy rules[6][8]

Official Resources and Contact Information

California Privacy Protection Agency

The CPPA is the primary state agency responsible for enforcing California’s privacy laws and educating the public about privacy rights.

General Information: Email info@cppa.ca.gov or call (916) 572-2900

File Privacy Complaints: Submit online complaints or mail printed forms to 400 R Street, Suite 330, Sacramento, CA 95811

Official Website: California Privacy Protection Agency

California Attorney General

The Attorney General’s office continues to play a role in CCPA enforcement and provides resources about California privacy law.

CCPA Information: Attorney General CCPA Resources

State Legislature

Contact your state representatives to provide input on privacy legislation and policy.

Find Your Assembly Member: California State Assembly Members

Find Your State Senator: California State Senate Members

Assembly Privacy Committee: Committee on Privacy and Consumer Protection

Public Participation

The CPPA regularly holds public meetings and comment periods for proposed regulations. Check their website for notices about upcoming rulemaking activities where residents can provide input on privacy policy development.

Media and Press Inquiries: Email press@cppa.ca.gov

Public Records Requests: Email PRA@cppa.ca.gov with subject line “ATTN: PRA Coordinator”

Sources and Citations

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.
