Steps to CCPA compliance

While many small businesses will not meet the criteria of companies impacted by the law, there are several steps that business owners can take to ensure they are compliant by the time the law's enforcement period begins:

1. Understand the scope of the law

First, you must understand the law itself. Most importantly, you must understand the broad definition of "personal information", which is defined as any information which "identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." Personal information includes, but isn't limited to:

  • Personal identifiers (names, aliases, addresses, e-mails, SSN, driver's license number, etc.)
  • Biometric information
  • Geolocation
  • Employment information
  • Commercial information
  • Internet or network activity
  • Audio, electronic, visual, thermal, or olfactory information
  • Education information that is not publicly available personally identifiable information
  • Information that may be inferred from any of the above

2. Train your employees

The CCPA requires employees who handle customer requests about data privacy practices (deleting information, opting out, etc.) and employees who are responsible for the company's compliance to undergo specific training to understand the law. Generally, this statute will require training of all customer service representatives and whoever handles legal compliance.

It is recommended that you know which employees have roles handling personal data to ensure that everyone who has to undergo training completes it. Employee training should start well before enforcement begins to help ensure that you are not fined for violations and do not end up with a consumer lawsuit.

3. Understand the penalties

The penalties for not being CCPA compliant go up to $7,500 per intentional violation and $2,500 for unintentional violations, and they are enforced by the California attorney general. Consumers also have the right to pursue their own individual action against non-compliant businesses, and they can sue the company if a data breach occurs due to carelessness.

Although it may seem daunting at first, if you divide your effort into these easy and manageable steps, you will be on the path to CCPA compliance. If you have questions about CCPA compliance, ask a lawyer.

This article contains general legal information and does not contain legal advice. Rocket Lawyer is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.

