0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
25 lines
1.1 KiB
Org Mode
25 lines
1.1 KiB
Org Mode
:PROPERTIES:
|
|
:ID: 87996d87-100c-4bf6-8546-a860b9d7c25b
|
|
:ID: auto-ccpa-cpra
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: CCPA/CPRA (California Consumer Privacy Act)
|
|
#+filetags: :passepartout:compliance:framework:ccpa:
|
|
|
|
|
|
California's comprehensive privacy law — the closest US analogue to [[id:513d5996-4ac7-4567-a992-18fc01599104][GDPR]].
|
|
CPRA (effective 2023) amended and strengthened CCPA. Key rights: right to
|
|
know, delete, opt out of sale/sharing, correct inaccurate data, limit use
|
|
of sensitive PI. Private right of action for data breaches.
|
|
|
|
Who must comply: For-profit businesses with >$25M revenue, or handling >100K
|
|
consumer records, or deriving >50% revenue from selling PI. Extraterritorial —
|
|
applies to any business collecting CA resident data.
|
|
|
|
Penalties: $2,500 per violation (intentional: $7,500). Private right of action
|
|
for breaches: $100-$750 per incident per consumer. CPRA created the California
|
|
Privacy Protection Agency (CPPA) for enforcement.
|
|
|
|
Why it matters: The opt-out/sale/sharing requirements create complex data flow
|
|
gate rules. The gate stack can encode "this data flow crosses a CCPA boundary"
|