Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary Β» CCPA Β» CCPA Compliance

CCPA Compliance

CCPA, or California Consumer Privacy Act, is a set of compliance guidelines aimed at protecting data belonging to residents of the state of California. It came into effect on January 1, 2020, and is considered one of the most stringent privacy laws in the United States. It applies to all organizations, regardless of where the business is located, that:

  • Process more than 100,000 personal data (B2B data included) of California citizens annually
  • Have more than $25 million in revenue annually
  • Earn more than 50% of revenue from selling California residents’ data

According to the CCPA guidelines, personal data can include details such as names, Social Security numbers, email addresses, birthdates, passport numbers, IP addresses, phone numbers, driver’s license numbers, residential addresses, and bank account details.

The CCPA protects the customers for their right to choose not to sell their data and the right of access and deletion of the data collected. Organizations that violate the CCPA may face fines of $7,500 per violation and $750 per user affected in civil damages.

The CCPA compliance requires an organization to have a process for responding to customer privacy rights exercise requests. In addition, businesses should collect less personal information except when it is absolutely necessary.

An inventory of all the data collected by an organization is set up, and customers are given notice of the collection of data. A data privacy policy is established, the employees are trained, and requests from customers are handled effectively.

Additional reading

How much does Cyber Essentials Certification Cost in 2026?

As a digital business, if you are looking to start implementing baseline cyber security measures and embark on a compliance journey, Cyber Essentials is a good starting point. It can substantially bolster your protection against most attacks and is relatively simple to achieve. Thereafter, you can move towards frameworks like ISO 27001 and GDPR with…

100+ Latest Social Engineering Statistics: Costs, Trends, AI [2025]

A single click can bypass every tool in your security stack. That’s the risk social engineering poses today. Modern attackers no longer need to exploit vulnerabilities in code. They exploit vulnerabilities in behaviourβ€”fatigue, familiarity, urgency, and routine.  Despite continued investments in zero trust frameworks, SIEM (Security Information and Event Management) systems, and endpoint security, organizations…

An Overview of ISO 31000: The Risk Management Standard

Managing cybersecurity risk is not as simple as it sounds. You’ll often hear terms like β€œavoid,” β€œmitigate,” or β€œtransfer,” but when you dig deeper, you realize these are broad strategies. The real challenge is translating them into actionable steps that measurably reduce risk. What does it mean to β€œavoid” risk? Is it simply removing a…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales