verified_user
Standardful
首頁chevron_right標準chevron_rightCCPA/CPRA
現行有效國際標準update 標準更新:2025年1月fact_check 事實核查:2026年6月28日

CCPA/CPRA

加州消費者隱私法案與加州隱私權法案

apartment發布組織:加利福尼亞州

標準簡介

CCPA/CPRA 是由 加利福尼亞州 發布的現行有效標準,常用於科技、金融銀行、零售、醫療健康、服務業等產業,並適用於美國等市場。

本頁整理了 CCPA/CPRA 的官方文件、目前狀態以及常見相關認證或評估機構,便於快速理解要求與落地路徑。

privacy_tip

Consumer Rights

Grants California residents the right to know, delete, correct, and opt out of the sale or sharing of their personal information — including rights over automated decision-making.

account_balance

Dedicated Enforcement Agency

The California Privacy Protection Agency (CPPA), established by CPRA, is the first dedicated state privacy enforcement body in the US, with rulemaking and enforcement authority.

gavel

Private Right of Action

Consumers can bring private lawsuits for data breaches involving unencrypted or non-redacted personal information, with statutory damages of $107 to $799 per consumer per incident.

list_alt Core Consumer Rights

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of sale/sharing of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights
  • Right to opt out of automated decision-making technology

誰需要合規?

groups

For-profit businesses that collect California residents' personal information and meet any threshold: annual gross revenue over $26.6 million, buy/sell/share data of 100,000+ consumers or households, or derive 50%+ of revenue from selling/sharing personal information.

關鍵要求

1

Privacy Notice & Disclosures

Provide a comprehensive privacy policy disclosing categories of personal information collected, purposes of collection, consumer rights, and whether information is sold or shared. Update at least annually.

2

Consumer Request Handling

Establish processes to receive and respond to consumer requests to know, delete, correct, and opt out. Verify consumer identity and respond within 45 days (extendable to 90 days).

3

Opt-Out Mechanisms

Provide a clear "Do Not Sell or Share My Personal Information" link. Honor Global Privacy Control (GPC) signals. Obtain opt-in consent before selling data of consumers under 16.

4

Data Minimization & Purpose Limitation

Collect, use, retain, and share personal information only as reasonably necessary and proportionate to the disclosed purposes. Inform consumers before using data for new purposes.

5

Service Provider Agreements

Enter written contracts with service providers and contractors restricting their use of personal information to the specific business purposes outlined in the agreement.

實施路線圖

1
階段 1schedule 預計週期: 2-4 周

確定覆蓋業務範圍

確認組織是否達到 CCPA/CPRA 適用門檻,映射加州消費者、家庭、員工和 B2B 個人信息,並識別服務提供商、承包商、第三方和數據經紀人。

2
階段 2schedule 預計週期: 4-8 周

建立隱私清單和通知

按類別、來源、目的、保留期限、披露、出售、共享和敏感信息使用建立個人信息清單。更新收集時通知、隱私政策、保留披露和消費者權利流程。

3
階段 3schedule 預計週期: 8-14 周

運行權利和選擇退出

實施請求入口、身份驗證、響應跟蹤、刪除和更正流程、出售或共享選擇退出、敏感信息限制、授權代理處理和供應商合同控制。

4
階段 4schedule 預計週期: 持續進行

保持監管就緒

監控 CPPA 規則制定、執法趨勢、網絡安全審覈、風險評估、自動化決策技術和數據經紀人義務。測試面向消費者的鏈接,並在處理變化時刷新記錄。

合規檢查清單

0 / 12

checklist CCPA/CPRA 合規範圍

checklist 加州消費者隱私權利

checklist 治理和保證

處罰與執行

warning

Administrative fines up to $2,663 per unintentional violation and $7,988 per intentional violation or violations involving minors (2025 adjusted amounts). Private lawsuits for data breaches can yield $107-$799 per consumer per incident. The largest settlement to date exceeded $1.5 million.

常見問題解答

誰需要遵守 CCPA/CPRA?

expand_more

該法律適用於在加州開展業務並達到收入、處理個人信息數量,或出售/共享個人信息收入比例等法定門檻的營利性企業。關聯方和共同品牌實體也可能納入範圍。

加州消費者有哪些權利?

expand_more

消費者享有知情、訪問、刪除、更正、獲取個人信息,以及選擇退出出售或共享的權利。還包括與敏感個人信息相關的權利,以及不會因行使權利而受到歧視的保護。

出售和共享有什麼區別?

expand_more

出售通常指以金錢或其他有價對價披露個人信息。共享側重於爲跨情境行爲廣告披露個人信息。兩者都可能觸發選擇退出義務。

員工和 B2B 聯繫人是否受保護?

expand_more

是。CPRA 修訂全面實施後,員工和商業聯繫人個人信息通常也受保護,因此 HR 和 B2B 數據也應納入通知、清單和權利流程。

企業應保留哪些證據?

expand_more

應保留數據映射、通知、權利請求日誌、身份驗證決策、供應商合同、選擇退出測試證據、培訓記錄、保留計劃,以及高風險處理所需的評估。

官方文件

查看全部

實施時間線

gavel
2018年6月
CCPA signed into law (AB 375)
check_circle
2020年1月
CCPA became effective
how_to_vote
2020年11月
CPRA (Proposition 24) approved by California voters, amending CCPA
update
2023年1月
CPRA amendments became operative, expanding consumer rights
payments
2025年1月
Penalty amounts adjusted for inflation — up to $7,988 per intentional violation

相關分類