The California Consumer Privacy Act is legislation meant to enhance privacy rights and consumer protection for residents of California. NINJIO has developed an original three-part series on CCPA compliance as it relates to the end user. As with all NINJIO episodes, the series is presented through engaging, Hollywood-style storytelling


NINJIO CCPA targets any user who has to abide by
CCPA regulations. This includes anyone responsible for managing the data of California residents.


With California having close to 40 million residents (it’s roughly 37% larger than the next-most populated state), most national companies are likely to do business with residents of California. CCPA (the California Consumer Protection Act) is legislation that provides residents of the state with improved data privacy and security. Any employee who works with California residents’ information should be up to date on the core components of CCPA.



The California Consumer Privacy Act, or CCPA, enhances privacy rights and consumer protection for residents of California. It applies to California-based businesses, but also to any company – regardless of physical location – that interacts with or stores the personal information of California residents.

Non-compliant companies that become victims of data theft or other security breaches can be ordered to pay damages up to $750 per affected California resident, or to pay actual damages – whichever is greater. In addition, non-compliant companies can be ordered to pay any other relief a court deems proper. The California Attorney General’s Office can also prosecute negligent members of the company. Furthermore, a fine of up to $7,500 for each intentional violation and $2,500 for each unintentional violation can be imposed.

CCPA applies to any company that does business in California and has annual gross revenues in excess of $25 million; possesses personal information of 50,000 or more consumers, households, or devices; or earns more than half its annual revenue from selling consumers’ personal information.


CCPA goes into effect January 1, 2020 and grants California residents greater rights when it comes to their privacy and personal data. It is similar to GDPR, but also different in many ways.

CCPA allows residents to find out what personal data are being collected about them by calling a toll free phone number or clicking a link on a website. CCPA-compliant companies are required to set up the means by which California residents can do this.

Residents can also find out whether their information is being sold or disclosed, and to whom. Companies must ensure that residents are able to access this information easily. CCPA-compliant companies must set up a way for residents to view and manage their data or ‘opt out’ of having their personal data sold.


California residents’ services and prices must remain the same, even if they exercise their privacy rights. There cannot be any financial disadvantage for exercising control over their personal data

CCPA is intended to give California residents the right to know what personal information is being collected, as well as whether it’s being sold or disclosed, and to whom. Residents are also allowed to say no to the sale of personal information, access it, and request that a business delete it. Residents can’t be discriminated against for exercising their privacy rights.

Organizations are required to implement and maintain reasonable security procedures and practices to protect consumer data. This is to ensure that the personal data of California residents is not illegally accessed.