Artifact GuideUSData Broker Crossover

US CCPA Data Broker Crossover

Data Broker Crossover decisions under the US CCPA should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.

This guide converts official requirements into scope, evidence, ownership, and review decisions for practical implementation, supporting implementation planning and should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Questions
3

Structured answer sets in this page tree.

Primary sources
5

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

This page maps US CCPA obligations for Data Broker Crossover to trigger conditions, accountable owners, required deadlines, evidence records, and review paths that product, legal, privacy, security, and compliance teams can apply. In plain English, this crossover means a workflow may need both ordinary CCPA handling and data-broker-specific treatment when a business knowingly collects and sells personal information about consumers with whom it has no direct relationship, or when data-broker duties overlap with consumer rights, opt-out, and deletion workflows.

Search this module

Find a question or answer quickly

3 of 3 questions
Question 1

What should teams do about Data Broker Crossover under the US CCPA?

Teams should treat Data Broker Crossover under the US CCPA as a source-linked operating decision: confirm whether the issue affects business-threshold status, notice at collection, privacy policy disclosures, consumer rights, do-not-sell/share controls, GPC, service-provider restrictions, or enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger.

The safest first step is to identify the collection point, consumer right, sale/share status, GPC signal, vendor role, and applicable threshold before assigning the CCPA action.

  • Write the Data Broker Crossover decision in one sentence before drafting controls.
  • Attach the external source URL and a short source quote to the evidence record.
  • Route unclear cases to legal, privacy, security, or compliance review before launch.
Citations
Laws & Regulations

CPPA source confirming CalPrivacy implements and enforces both the CCPA and the Delete Act for data broker crossover issues.

Question 2

What evidence should teams keep for Data Broker Crossover under the US CCPA?

Useful evidence is not just a privacy policy. Keep the source, threshold notes, notice screenshots, request logs, opt-out/GPC tests, vendor terms, and approval trail together.

  • Source URL and quote used for the decision.
  • Scope notes, screenshots, data-flow or system references, and role mapping.
  • Implementation ticket, approval record, exception notes, and review date.
Citations
Laws & Regulations

CPPA source confirming CalPrivacy implements and enforces both the CCPA and the Delete Act for data broker crossover issues.

Question 3

Which mistakes create risk when handling Data Broker Crossover under the US CCPA?

The common failure pattern is treating CCPA as one static notice instead of checking each collection point, sale/share flow, consumer request, GPC signal, and vendor restriction against current source material.

  • Using an old threshold, deadline, source page, or contract template without checking current source text.
  • Treating a source-linked exception as a general exemption for every product or data flow.
  • Publishing notices, controls, or answers that do not match the actual product behavior.
Citations
Laws & Regulations

CPPA source confirming CalPrivacy implements and enforces both the CCPA and the Delete Act for data broker crossover issues.

Recommended next step

Turn US CCPA Data Broker Crossover into assigned work

This US CCPA guide turns Data Broker Crossover into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.

Assessment workflow
Open Assessment Autopilot for US CCPA

Turn Data Broker Crossover into scoped questions, evidence fields, and review tasks.

Explore next step
Research workflow
Review US CCPA source evidence

Use Research Copilot to answer follow-up questions with cited source material.

Explore next step
Talk to Sorena
Talk through implementation

Review scope, evidence, owners, and the next compliance actions with Sorena.

Explore next step
Primary sources

References and citations

California Civil Code privacy provisions
leginfo.legislature.ca.gov
Referenced sections
  • California Civil Code source for statutory exceptions that can limit CCPA consumer request outcomes for data broker workflows.
"comply with federal, state, or local laws"
California Privacy Protection Agency FAQs
cppa.ca.gov
Referenced sections
  • Official CPPA FAQ source for opt-out preference signals, including Global Privacy Control, in CCPA sale and sharing workflows.
"Businesses must honor opt-out preference signals"
Data Broker Registry / Delete Act statute
cppa.ca.gov
Referenced sections
  • Official CPPA statutory compilation for Delete Act duties that overlap with CCPA deletion and opt-out handling by data brokers.
"Beginning August 1, 2026, a data broker shall access the accessible deletion mechanism"
Laws & Regulations
cppa.ca.gov
Referenced sections
  • CPPA source confirming CalPrivacy implements and enforces both the CCPA and the Delete Act for data broker crossover issues.
"responsible for implementing and enforcing the CCPA as well as the Delete Act"
Related guides

Explore more topics

California CCPA/CPRA Opt Out Signal Workflow Guide
California CCPA/CPRA guidance for Opt Out Signal Workflow, with practical decisions, evidence, edge cases, and external source citations.
CCPA Global Privacy Control (GPC): team obligations and technical implementation
US CCPA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations.
How should teams decide whether US CCPA applies?
US CCPA guidance for Thresholds, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Applicability Test Guide
Practical guidance for the US CCPA applicability test, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Compliance Checklist
Practical guidance for the US CCPA checklist, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Compliance Guide
Practical guidance for the US CCPA compliance, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Consumer Rights Workflow Guide
US CCPA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Contract Classification Workflow Guide
US CCPA guidance for Contract Classification Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Dark Patterns Guide
US CCPA guidance for Dark Patterns, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Data Broker Crossover Guide
US CCPA guidance for Data Broker Crossover, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Deadlines and Compliance Calendar Guide
US CCPA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Do not sell or share Guide
US CCPA guidance for Do not sell or share, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Do Not Sell Share Implementation Guide
US CCPA guidance for Do Not Sell Share Implementation, with practical decisions, evidence, edge cases, and external source citations.
US CCPA DSAR Verification Guide
US CCPA guidance for DSAR Verification, with practical decisions, evidence, edge cases, and external source citations.
US CCPA DSAR Workflow Guide
US CCPA guidance for DSAR Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Enforcement And Penalties Guide
US CCPA guidance for Enforcement And Penalties, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Financial Incentives Guide
US CCPA guidance for Financial Incentives, with practical decisions, evidence, edge cases, and external source citations.
US CCPA GPC Signal Guide
US CCPA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Minors Guide
US CCPA guidance for Minors, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Notice at collection Guide
US CCPA guidance for Notice at collection, with practical decisions, evidence, edge cases, and external source citations.
US CCPA penalties and fines Guide
US CCPA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Personal And Sensitive Pi Categories Guide
US CCPA guidance for Personal And Sensitive Pi Categories, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Privacy Law FAQ
Practical guidance for the US CCPA FAQ, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Privacy Notices And Disclosures Guide
US CCPA guidance for Privacy Notices And Disclosures, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Privacy Policy Guide
US CCPA guidance for Privacy Policy, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Privacy Policy Template Guide
US CCPA guidance for CCPA Privacy Policy Template, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Requirements Guide
Practical guidance for the US CCPA requirements, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Risk And Cyber Audits Guide
US CCPA guidance for Risk And Cyber Audits, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Scope and Thresholds Guide
US CCPA guidance for Scope and Thresholds, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Service Provider Contractor And Third Party Contracts Guide
US CCPA guidance for Service Provider Contractor And Third Party Contracts, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Service Provider Contractor Contracts Guide
US CCPA guidance for Service Provider Contractor Contracts, with practical decisions, evidence, edge cases, and external source citations.
US CCPA Thresholds Guide
US CCPA guidance for Thresholds, with practical decisions, evidence, edge cases, and external source citations.
US CCPA vs CPRA Guide
US CCPA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations.
US CCPA vs GDPR Guide
US CCPA guidance for CCPA vs GDPR, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about consumer request verification under the CCPA?
US CCPA guidance for consumer request verification, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Dark Patterns under the US CCPA?
US CCPA guidance for Dark Patterns, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Do not sell or share under the US CCPA?
US CCPA guidance for Do not sell or share, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Financial Incentives under the US CCPA?
US CCPA guidance for Financial Incentives, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Minors under the California CCPA?
US CCPA guidance for Minors, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Notice at collection under the US CCPA?
US CCPA guidance for Notice at collection, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Personal And Sensitive Pi Categories under the US CCPA?
US CCPA guidance for Personal And Sensitive Pi Categories, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Privacy Policy under the US CCPA?
US CCPA guidance for Privacy Policy, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Risk And Cyber Audits under the US CCPA?
US CCPA guidance for Risk And Cyber Audits, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Service Provider And Contractor Contracts under the US CCPA?
US CCPA guidance for Service Provider And Contractor Contracts, with practical decisions, evidence, edge cases, and external source citations.