CCPA Compliance Dashboard

California Consumer Privacy Act

Jurisdiction: California, USA | Effective: January 1, 2020 | Domain: Privacy

Overview

The California Consumer Privacy Act (CCPA) grants California residents rights over their personal information collected by businesses, including the right to know, delete, and opt out of the sale of personal information.

FCC Governance Mapping

CCPA Right	FCC Governance Layer	Implementation
Right to know	Constitution mandatory patterns	Disclosure workflow gates
Right to delete	Quality gates	Deletion verification checks
Right to opt-out	Tag registry	consumer-opt-out capability
Non-discrimination	Constitution hard-stop rules	Equal service requirement

Controls

CCPA-C001: Consumer Disclosure

• Requirement: Consumer data collection disclosure and transparency
• Automated: Yes
• Evidence: Privacy policy, collection notices

CCPA-C002: Opt-Out Mechanism

• Requirement: "Do Not Sell My Personal Information" opt-out mechanism
• Automated: Yes
• Evidence: Opt-out request logs, implementation verification

CCPA-C003: Deletion Request Handling

• Requirement: Consumer deletion request processing within 45 days
• Automated: No
• Evidence: Request tracking logs, confirmation records

CCPA-C004: Data Inventory

• Requirement: Comprehensive personal information inventory
• Automated: Yes
• Evidence: Data catalog, classification reports

Compliance Gates

Gate	Control Ref	Requirement	Status
CCPA-G001	CCPA-C001	Privacy notice accessible at point of collection
CCPA-G002	CCPA-C002	Opt-out mechanism functional and accessible
CCPA-G003	CCPA-C003	Deletion requests processed within SLA

Metrics

Metric	Target	Source	Trend
Opt-out request response time	< 15 days	request_tracking	Stable
Privacy notice coverage	100%	policy_audit	Improving
Data inventory completeness	95%	data_catalog	Improving

Recommended Actions

1. Audit consumer-facing privacy notices bi-annually
2. Verify opt-out mechanism across all channels
3. Update data inventory for new processing activities

Cross-Regulation Overlaps

• GDPR — Data subject rights, consent mechanisms
• CPRA — Extended California privacy rights
• SOC 2 — Privacy trust service criteria