Data & Privacy

The CCPA applies to for-profit businesses that operate in California and meet at least one of these thresholds: $25 million in annual gross revenue, buy/sell personal information of 100,000+ consumers/households/devices, or derive 50%+ of annual revenue from selling personal information.

Yes, California residents have the right to opt out of the sale of their personal information under the CCPA and CPRA.

Yes, under the California Consumer Privacy Act (CCPA), you have the right to request that a business delete your personal information, with some exceptions.

Under the CCPA, you have the right to know what personal information a business collects about you, to delete that information, to opt out of its sale, and to non-discrimination for exercising these rights.

No, a business cannot deny you goods or services, charge different prices, or provide a different level of service solely because you exercised your CCPA rights.

Yes, California law gives you the right to opt out of targeted advertising by businesses that sell or share your personal information.

A business must acknowledge your CCPA data request within 10 days and provide the requested information within 45 days — with one possible 45-day extension if notified in writing.

Yes, you can sue a company for a data breach in California under the California Consumer Privacy Act (CCPA), the Confidential Information Protection Act (CIPA), and the California Civil Code § 1798.82 — but only if your unencrypted personal information was accessed and the company failed to implement reasonable security.

If your personal data is breached, a company in California must notify you without unreasonable delay, generally within 45 days, and provide specific information about the breach, including what data was exposed and what the company is doing to fix it.

Under the CCPA, you may recover statutory damages of $100–$750 per incident or actual damages, whichever is greater, if a business fails to implement reasonable security and a data breach occurs.

The California Privacy Protection Agency (CPPA) is the first agency in the U.S. dedicated to enforcing consumer privacy laws, created by the California Privacy Rights Act (CPRA) to implement and enforce the CCPA and CPRA.

The CPRA expanded your privacy rights in California by adding new data rights, strengthening enforcement through the CPPA, and broadening the definition of sensitive personal information.

Under the California Privacy Rights Act (CPRA), 'sensitive personal information' includes data like Social Security numbers, precise geolocation, racial origin, religious beliefs, sexual orientation, and contents of mail, email, or text messages.

Yes, CalOPPA requires commercial websites and online services that collect personal information from California residents to post a conspicuous privacy policy.

A website privacy policy in California must disclose what personal information is collected, how it’s used and shared, how users can access or delete their data, and whether the site responds to 'Do Not Track' signals.

Yes, California is a two-party consent state for recording phone calls — all parties to a confidential conversation must agree before it can be recorded.

In California, illegal wiretapping is a felony punishable by up to 3 years in state prison and/or a $250,000 fine.

No — in California, your employer generally cannot record your work phone calls without the consent of all parties involved, including you.

Yes, you can sue someone in California for recording you without your consent in a private conversation or situation where you had a reasonable expectation of privacy.

Yes, you can legally record police officers in public in California as long as you do not interfere with their duties and are in a place where you have a right to be.

Yes, the CCPA gives special protections to children’s personal information, especially for kids under 13 and teens aged 13–15.

Yes, California law restricts employer use of employee monitoring software through laws requiring notice, prohibiting secret audio recording, and limiting access to personal electronic accounts.

No, police in California cannot use automatic license plate readers (ALPRs) without restrictions. State law limits how long data can be stored, requires public reporting, and prohibits using ALPR data to track individuals' movements without a warrant or specific exception.

Yes, license plate reader (LPR) records are protected under California’s Automatic License Plate Reader Privacy Act, which limits collection, use, retention, and sharing of such data.

Yes, under California law, you have the right to request that a business correct inaccurate personal information it holds about you.