Use this checklist to verify required notices, controls, workflows, records, and escalation points under the US CCPA before launch or review.
This guide converts official requirements into scope, evidence, ownership, and review decisions for practical implementation, supporting implementation planning and should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This checklist is for businesses that must comply with the California Consumer Privacy Act, including businesses that collect personal information in California and meet the law's threshold tests, as well as their service providers and contractors where the checklist touches on request handling. Use it when you need to confirm whether a business is subject to the CCPA, what consumer rights and disclosures apply, and how to route requests for delete, correct, know, opt-out, limit, or ADMT-related review.
Run the workflow as California privacy operations: threshold, collection point, right or signal, required response, vendor propagation, evidence capture, and review.
A useful template captures threshold, consumer/data category, request or signal type, notice location, vendor role, response deadline, evidence link, and escalation reason.
Review the workflow after CPPA updates, ad-tech changes, new collection points, vendor changes, consumer complaints, enforcement advisories, or material product changes.
This US CCPA guide turns Checklist into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn Checklist into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"Businesses must honor opt-out preference signals"
"Applying Data Minimization to Consumer Requests"