Explaining CCPA Regulations

Attention, California residents and business owners! Are you aware of your rights under the Consumer Privacy Act (CCPA)? The Department of Justice made some changes in October that you should be mindful of.


The California Consumer Privacy Act of 2018 (CCPA) gives the consumer more control over the personal information that businesses collect about them. This law secures new privacy rights for California business owners, including:

What Is Considered Personal Information?

Personal information is data that identifies, relates to, or could reasonably be linked with the business owner or household. For example, owner’s name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other data that allow for a profile to be created about the owner’s preferences and characteristics are all considered personal information.

The Right to Know

Regarding CCPA regulations, the right to know section details explicitly that a business owner may request that companies disclose personal information, including what they have collected, used, shared, or sold about the owner. The business owner (consumer) also has the right to know why the information was collected, used, shared, or sold.

Here are some specific details you can request as the consumer:

  • The categories of personal information collected
  • Specific pieces of data collected
  • The categories of sources from which the company collected personal information
  • The purposes for which the company uses the information
  • The categories of third parties with whom the businesses share the information
  • The categories of information that the business sells or discloses to third parties

Companies must provide this information to business owners free of charge for the 12-month period preceding the request.

The Right to Delete

It’s easy for consumers to send a right to delete request. California residents can request that companies delete personal information they’ve collected from the owner and ask their service providers to do the same. However, many exceptions allow companies to keep information. Common reasons why companies can keep your information include:

  • The company cannot verify your request
  • For certain company security practices
  • For certain internal uses that are compatible with reasonable consumer expectations or the context in which the information was provided
  • To comply with legal obligations, exercise legal claims or rights, or defend legal claims
  • If the information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA requirements

The Right to Opt-Out

Business owners can request that companies stop selling their personal information (opt-out). With some exceptions, companies cannot sell your information after receiving the opt-out request unless the business owner provides authorization allowing the company to do so again.

The Right to Non-Discrimination

Companies cannot deny goods or services, charge consumers a different price, or provide a different level or quality of goods or services just because they exercise their rights under the CCPA regulations. However, if a consumer refuses to provide personal information to a company or ask it to delete or stop selling information, and that information is necessary for the company to provide goods or services, the company may not complete the transaction.


On Oct. 12, 2020, the Department of Justice released a third set of proposed modifications to the final regulations regarding the CCPA that went into effect Aug. 14, 2020. The notice of proposed changes, text of the proposed changes, and the deadline to submit written comments were Oct. 28, 2020.

A few of the CCPA modifications include:

  • A company that collects personal information in the course of interacting with consumers offline shall also provide notice by an offline method that facilitates consumers’ awareness of their right to opt out. For example:
    • A company that collects information over the phone may provide the notice orally during the call where the information is collected.


When you choose ITque as your IT services provider, you can rest assured that your personal information is protected. We follow CCPA compliance requirements closely, and we respect the California Department of Justice’s final regulations. We even have legal and professional clients who trust us to keep their sensitive information safe and secure. Contact us today to learn more about how we’ll work overtime to keep your information safe.