What is a CCPA Breach Notification?

Written by: Lawrence Bonk

Updated January 6, 2023

If you are new to the world of Internet marketing, you may wonder what a CCPA breach notification is. Many of the best websites and online shopping platforms, after all, use tracking pixels that could impact consumer privacy, which is where CCPA breach notifications come in. So what is the CCPA, what are breach notifications, and what purpose do they serve? Keep reading to find out.


  • CCPA stands for the California Consumer Privacy Act, which was passed in 2018 at the behest of several civil actions.
  • The act sets a number of rights for consumers as they surf the web, including a breach notification law if an unauthorized person stumbles upon social security numbers or identification card numbers.
  • Companies must inform consumers of a data breach incident within a pre-determined amount of time or face legal consequences.

For more information, read about the California Consumer Privacy Act vs GDPR, filing CCPA data deletion requests, what is considered sensitive data vs personal data, and the required CCPA notice at data collection points.

Insider Tip

Though only for California residents, legally, the ruling impacts residents of other states, as companies will not be able to hide a breach unless they have no customers in California.

What is the CCPA?

CCPA stands for the California Consumer Privacy Act, which is a comprehensive online privacy initiative that primarily benefits California citizens. This act, and the associated regulatory agency, keep an eye on consumer privacy with regard to the Internet. The act was passed in 2018 and instituted a number of rights for Internet users, such as the right to know about the personal information that is collected and the right to opt out of the sale of that personal information.

The act also pays special attention to data breaches, which we are interested in discussing now.

What is a Data Breach?

Whenever a company is hacked or breached in some way, that typically leads to the exposure of large amounts of personal data, such as passwords, credit card information, and more. This is called a data breach and impacts both large and small online entities. Massive data breaches have been thrust upon companies like Yahoo, Microsoft, Facebook, and, well, just about every other company out there. It’s a big deal.

How Do You Get a Breach Notification?

If you have an account with a company that has been breached, you should receive a breach notification even if the company is unsure whether your actual data was touched. This only applies to California residents right now, but the law dictates that companies have a legal obligation to inform their customers or users about any relevant breaches. Failure to do so results in hefty fines and other penalties.

STAT: Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.

How Does This Impact Consumers?

This is good news for consumers because companies would rather not announce any data breaches, keeping everything in-house. This means that your information could have been scooped up, and you’d be none the wiser. With these CCPA regulations, you would at least know if something happened, so you could change your passwords and any other personal information.

CCPA Breach FAQs

Who must be notified of a breach?

If you were breached and your information was compromised by an unauthorized person, you must be informed via a substitute notice. This is true if the compromised information was an identification card, a security code, a debit card number, or just about anything else.

How do you send a data breach notification?

These notifications are sent via the mail, which is called a substitute notice, or to the email address on file for the consumer.

How do California privacy regulations get enforced?

The state created a regulatory agency that works with major credit reporting agencies to issue civil penalties, substitute notices, and more in the event of a military identification or tax identification breach.