Privacy Policy Clause: How to Exercise Your Rights
(CCPA and CPRA Compliant)

Summary

This clause describes designated methods for consumers to submit requests to exercise their rights under the California Consumer Privacy Act (CCPA), as amended and expanded by the California Privacy Rights Act (CPRA). Under the CCPA/CPRA, businesses are required to disclose these methods to consumers. Cal. Civ. Code § 1798.130(a)(5)(A). This clause includes practical guidance and drafting notes. The CCPA was signed into law on June 28, 2018. Its substantive privacy requirements took effect starting January 1, 2020, and became fully enforceable as of July 1, 2020. On November 3, 2020, California voters approved Proposition 24, which enacts the California Privacy Rights Act of 2020 (CPRA). The CPRA amends and expands the CCPA and goes into effect on January 1, 2023. For additional content related to the CCPA and CPRA, see Data Privacy and Cybersecurity State Law Compliance Resource Kit (CA). For a full listing of related California consumer privacy content, see California Consumer Privacy Resource Kit (CCPA and CPRA). For a full listing of related data security & privacy content for first-year associates, see First-Year Associate Resource Kit: Data Security and Privacy. For more information regarding the CCPA and important definitions, see California Consumer Privacy Act (CCPA) Overview (Archived). For related privacy policy clauses see Privacy Policy Clause: Disclosure of Personal Information Collected (CCPA/CPRA) and Privacy Policy Clause: Description of Consumer Rights (CCPA and CPRA Compliant). For the CCPA compliant only version of this clause, see Privacy Policy Clause: How to Exercise Your Rights (CCPA Compliant) (Archived).