The California Consumer Privacy Act is legislation meant to enhance privacy rights and consumer protection for residents of California.  NINJIO has developed an original three-part series on CCPA Compliance as it relates to the end-user. As with all NINJIO episodes, the series is presented through engaging, Hollywood style storytelling. 


NINJIO CCPA is targeted at any user within an organization who has to abide by CCPA regulations.  This includes any user who interacts or deals with the people or data of California residents, such that they can have an understanding as to how CCPA may impact their responsibilities around transacting business with California residents.




With California having close to 40M residents, and being roughly 37% larger than the next most populated state, most businesses who conduct business outside of their respective state, they are likely do business with the residents of California.  CCPA or the “California Consumer Privacy Act” is state based legislation that provides additional privacy protection for the residents of California.  Any employee who deals with California residents should be brought up-to-date on the core tenants of this legistation.




1. The California Consumer Privacy Act, or CCPA, enhances privacy rights and consumer protection for residents of California. It applies to businesses based in California, but also to any business – regardless of physical location – that engage in commerce with, or stores the personal information of, a California resident.

2. Non-compliant companies that become victims of data theft, or other data security breaches, can be ordered to pay damages up to $750 per affected California resident, or to pay actual damages, whichever is greater. In addition, non-compliant companies can be ordered to pay any other relief a court deems proper. This is all subject to an option of the California Attorney General’s Office to actually prosecute negligent members of the company if it finds that to be the appropriate step. Furthermore, a fine of up to $7,500 for each intentional violation and $2,500 for each unintentional violation can be implemented.

3. CCPA applies to any company that does business in California and has annual gross revenues in excess of $25 million; possesses personal information of 50,000 or more consumers, households, or devices; or earns more than half its annual revenue from selling consumers’ personal information.


1. CCPA goes into effect January 1, 2020 and grants California residents greater rights when it comes to their privacy and the personal data that’s stored about them. It is similar to GDPR, but also different in many ways.

2. CCPA allows residents to find out what personal data is being collected about them through calling a toll free phone number or clicking a link on a website. CCPA-compliant companies are required to set up the means by which California residents can do this.

3. Residents can also find out whether their information is being sold or disclosed, and to whom. Companies must ensure that residents are able to find out this information easily. CCPA compliant companies must set up a way for residents to access their data or to “opt out” of having their personal data sold.


1. California residents need to get equal service and price, even if they exercise their privacy rights. There cannot be any financial disadvantage to the resident for opting out or for exercising control over their personal data.

2. The intentions of the Act are to provide California residents with the right to know what personal data is being collected about them. Know whether their personal data is sold or disclosed and to whom. Say no to the sale of personal data. Access their personal data. Request a business delete any personal information about a consumer collected from that consumer. Not be discriminated against for exercising their privacy rights.

3. Organizations are required to implement and maintain reasonable securityprocedures and practices in protecting consumer data. This is to ensure that the personal data of California residents is not illegally accessed by means of a data breach.