Counsel For Navigating The California Consumer Privacy Act (CCPA)


 

The California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act [CPRA]) is a wide-ranging privacy and data protection law with compliance consequences for a broad line of business types. Similar to the European Union’s GDPR, the CCPA has an extraterritorial scope and applies to many companies that are not physically located in California. Enacted in 2018 and in effect from a compliance perspective since 2020, the CCPA imposes requirements that include specific privacy notices, such as via a privacy policy, implementation of data processing agreements (DPAs) with service providers, among others, honoring privacy rights of consumers such as DSARs, and conducting privacy impact assessments. The law is regularly amended, such as the addition of protections for neural data under the umbrella of “sensitive” personal information.

The CCPA is enforced by the California Attorney General and, subsequent to the CPRA, also by the California Privacy Protection Agency (CPPA). So far, we have seen a variety of enforcement actions, ranging from warnings to fines, including the following:

At RICHT, we provide clients with a comprehensive suite of legal services to ensure compliance with the CCPA and avoid regulatory enforcement and private litigation. Our approach takes a business-first perspective, understanding business dynamics as well as goals, and aims to integrate compliance and risk mitigation within those confines.


 CCPA Law Services We Offer


 Compliance With CCPA Privacy Rights (DSARs)

Data Privacy Assessments

 Data Sale Analysis

Opt-Out/Opt-In Compliance



Learn How RICHT Can Help You Navigate The California Consumer Privacy Act (CCPA)



    Privacy & Cybersecurity Practice Insights


     


    CCPA News


    • Healthline Media to Pay Record California Privacy Penalty: Healthline Media LLC will pay $1.55 million in penalties for privacy violations under a pending settlement with California Attorney General Rob Bonta. The settlement announced Tuesday is the largest for violations under the California Consumer Privacy Act. The website publisher didn’t allow consumers to opt out of targeted advertising, and it shared data without the proper protections in place, according to Bonta’s office. Read More→
    • District Court Rulings Could Signal Expansion of California Consumer Privacy Right of Action: In two recent rulings, judges in the U.S. Northern District of California have allowed proposed class actions under the California Consumer Privacy Act (CCPA) to proceed without an allegation of a data breach, departing from past precedent. The CCPA contains a limited private right of action that allows individuals to bring suit if personal data about them is exposed via “unauthorized access, exfiltration, theft, or disclosure” due to a business’s failure to implement “reasonable security measures.” Read More→
    Hunton

    CPPA Fines Honda $632,500 for CCPA Violations

    On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began in 2023.

    CCPA
    Compliance Week

    SpongeBob Game Developer Ordered To Pay $500K Over CCPA, COPPA Violations

    Popular children’s mobile game developer Tilting Point Media (TPM) agreed to pay $500,000 to settle allegations the company illegally collected children’s personal data, a violation under the California Consumer Privacy Act (CCPA) and a federal children’s privacy law.

    CCPA
    COPPA
    Privacy Law
    The Record

    California AG Settles With DoorDash Over Selling Consumer Data Without Notice

    The food delivery service company DoorDash settled charges with California’s attorney general after state authorities alleged the company sold consumers’ personal information without notice and without giving them a chance to opt out, both violations of California’s strict consumer privacy law.

    CCPA
    Privacy Law
    IAPP

    California Attorney General Issues CCPA Violation Notices To Streaming Services

    California Attorney General Rob Bonta announced his office is issuing notices to streaming service providers for their alleged violations of the California Consumer Privacy Act. The letters specifically address the streaming service providers’ level of compliance for offering users easy opt-out mechanisms for the sale of their personal data.

    CCPA
    Privacy Law
    IAPP

    California Attorney General Announces First CCPA Enforcement Action

    California Attorney General Rob Bonta announced the first enforcement action under the CCPA, a $1.2 million settlement with multinational retailer Sephora over violations of the law’s “Do Not Sell” provisions.

    CCPA
    Privacy Law
    IAPP

    Top-10 Takeaways From The California AG’s CCPA Enforcement Case Examples

    In July, the office of the attorney general of California marked the one-year anniversary of its enforcement of the California Consumer Privacy Act by issuing a press release to tout its “successful enforcement efforts.”

    CCPA
    Privacy Law