verified_user
Standardful
首页chevron_right标准chevron_rightCCPA/CPRA
有效国际标准update 标准更新:2025年1月fact_check 事实核查:2026年6月28日

CCPA/CPRA

加州消费者隐私法案与加州隐私权法案

apartment发布组织:加利福尼亚州

标准简介

CCPA/CPRA 是由 加利福尼亚州 发布的有效标准,常用于科技、金融银行、零售、医疗健康、服务业等行业,并适用于美国等市场。

本页汇总了 CCPA/CPRA 的官方文档、当前状态以及常见相关认证或评估机构,便于快速理解要求与落地路径。

privacy_tip

Consumer Rights

Grants California residents the right to know, delete, correct, and opt out of the sale or sharing of their personal information — including rights over automated decision-making.

account_balance

Dedicated Enforcement Agency

The California Privacy Protection Agency (CPPA), established by CPRA, is the first dedicated state privacy enforcement body in the US, with rulemaking and enforcement authority.

gavel

Private Right of Action

Consumers can bring private lawsuits for data breaches involving unencrypted or non-redacted personal information, with statutory damages of $107 to $799 per consumer per incident.

list_alt Core Consumer Rights

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of sale/sharing of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights
  • Right to opt out of automated decision-making technology

谁需要合规?

groups

For-profit businesses that collect California residents' personal information and meet any threshold: annual gross revenue over $26.6 million, buy/sell/share data of 100,000+ consumers or households, or derive 50%+ of revenue from selling/sharing personal information.

关键要求

1

Privacy Notice & Disclosures

Provide a comprehensive privacy policy disclosing categories of personal information collected, purposes of collection, consumer rights, and whether information is sold or shared. Update at least annually.

2

Consumer Request Handling

Establish processes to receive and respond to consumer requests to know, delete, correct, and opt out. Verify consumer identity and respond within 45 days (extendable to 90 days).

3

Opt-Out Mechanisms

Provide a clear "Do Not Sell or Share My Personal Information" link. Honor Global Privacy Control (GPC) signals. Obtain opt-in consent before selling data of consumers under 16.

4

Data Minimization & Purpose Limitation

Collect, use, retain, and share personal information only as reasonably necessary and proportionate to the disclosed purposes. Inform consumers before using data for new purposes.

5

Service Provider Agreements

Enter written contracts with service providers and contractors restricting their use of personal information to the specific business purposes outlined in the agreement.

实施路线图

1
阶段 1schedule 预计周期: 2-4 周

确定覆盖业务范围

确认组织是否达到 CCPA/CPRA 适用门槛,映射加州消费者、家庭、员工和 B2B 个人信息,并识别服务提供商、承包商、第三方和数据经纪人。

2
阶段 2schedule 预计周期: 4-8 周

建立隐私清单和通知

按类别、来源、目的、保留期限、披露、出售、共享和敏感信息使用建立个人信息清单。更新收集时通知、隐私政策、保留披露和消费者权利流程。

3
阶段 3schedule 预计周期: 8-14 周

运行权利和选择退出

实施请求入口、身份验证、响应跟踪、删除和更正流程、出售或共享选择退出、敏感信息限制、授权代理处理和供应商合同控制。

4
阶段 4schedule 预计周期: 持续进行

保持监管就绪

监控 CPPA 规则制定、执法趋势、网络安全审核、风险评估、自动化决策技术和数据经纪人义务。测试面向消费者的链接,并在处理变化时刷新记录。

合规检查清单

0 / 12

checklist CCPA/CPRA 合规范围

checklist 加州消费者隐私权利

checklist 治理和保证

处罚与执行

warning

Administrative fines up to $2,663 per unintentional violation and $7,988 per intentional violation or violations involving minors (2025 adjusted amounts). Private lawsuits for data breaches can yield $107-$799 per consumer per incident. The largest settlement to date exceeded $1.5 million.

常见问题解答

谁需要遵守 CCPA/CPRA?

expand_more

该法律适用于在加州开展业务并达到收入、处理个人信息数量,或出售/共享个人信息收入比例等法定门槛的营利性企业。关联方和共同品牌实体也可能纳入范围。

加州消费者有哪些权利?

expand_more

消费者享有知情、访问、删除、更正、获取个人信息,以及选择退出出售或共享的权利。还包括与敏感个人信息相关的权利,以及不会因行使权利而受到歧视的保护。

出售和共享有什么区别?

expand_more

出售通常指以金钱或其他有价对价披露个人信息。共享侧重于为跨情境行为广告披露个人信息。两者都可能触发选择退出义务。

员工和 B2B 联系人是否受保护?

expand_more

是。CPRA 修订全面实施后,员工和商业联系人个人信息通常也受保护,因此 HR 和 B2B 数据也应纳入通知、清单和权利流程。

企业应保留哪些证据?

expand_more

应保留数据映射、通知、权利请求日志、身份验证决策、供应商合同、选择退出测试证据、培训记录、保留计划,以及高风险处理所需的评估。

官方文档

查看全部

实施时间线

gavel
2018年6月
CCPA signed into law (AB 375)
check_circle
2020年1月
CCPA became effective
how_to_vote
2020年11月
CPRA (Proposition 24) approved by California voters, amending CCPA
update
2023年1月
CPRA amendments became operative, expanding consumer rights
payments
2025年1月
Penalty amounts adjusted for inflation — up to $7,988 per intentional violation

相关分类