Consumer reporting agencies and tech firms have been collecting an enormous amount of data from consumers and sharing it with third-party companies without the consent of consumers. In the absence of any federal law to regulate consumer data collection, California has established the California Consumer Privacy Act (CCPA) to enhance the privacy rights of California residents. It will also empower consumers to request the deletion of the data collected and opt-out of sharing personal data with third parties. vHomeInsurance analyzed the legal document of the Act to present the provisions of the bill, which aims to reinforce the protection of consumer rights in California.


The California Consumer Privacy Act was passed into California law on June 28th of 2018, to come into effect from January 1st, 2020. The Act is by far considered to be the strongest mandate to be enacted in any state in the U.S. to protect consumer privacy rights. The law comes into effect amidst serious concerns surrounding the collection of sensitive data by the Big Four tech companies, excluding Apple. Several allegations have been made against Amazon, Facebook, and Google for their unethical approach in the collection of sensitive data from consumers.

The CCPA empowers consumers with more information on the specific and generic type of data collected, the reason for the collection of data and information about companies the data is shared with. For the first time, the act provides consumers the option to opt-out of data sharing and to request the deletion of their stored data.

However, not all companies are mandated to comply with the law. Health providers and insurers covered under HIPAA (Health Insurance Portability and Accountability Act of 1996), banks and financial companies covered under Gramm-Leach-Bliley, and credit reporting agencies covered under the Fair Credit Reporting Act (FCRA) are exempt from following the Privacy Act.