Skip to main content

On-demand webinar coming soon...

Blog

The CCPA metrics reporting requirement: What you need to know

August 11, 2021

Blue and violet gradient

The California Consumer Privacy Act (CCPA) has been in effect for over a year and a half, but certain requirements are still unfolding. As of July 1, 2021, the metrics reporting obligation took effect for certain organizations.

Keep up with CCPA Compliance and Download: Your Guide to California Privacy Law Compliance

What is the Metrics Reporting Requirement?

The metrics reporting provision, or Section 999.317(g) of the Attorney General’s CCPA regulations, applies to any business that is subject to the CCPA and buys, receives for commercial purposes, sells, or shares for commercial purposes the personal information of 10 million or more California residents in a calendar year.

Such businesses must compile metrics related to data processing for the previous calendar year and post it in the business’s privacy policy or on another website page that is linked from the privacy policy. 

Businesses subject to these requirements, must also document a training policy to ensure employees responsible for handling these requests or the business’s compliance with the CCPA are appropriately aware of and trained on the CCPA and the regulations.

What information needs to be reported?

Under Section 999.317(g) there are four metrics that need to be accounted for: 

  • Requests to Know: The number of requests to know that the business received, complied with in whole or in part, and denied.  
  • Requests to Delete: The number of requests to delete that the business received, complied with in whole or in part, and denied.  
  • Requests to Opt-Out: The number of requests to opt-out that the business received, complied with in whole or in part, and denied.  
  • Provide the Median or Mean: Number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.

These metrics should be compiled for each calendar year. By July 1 of each calendar year, businesses should release the metrics for the previous calendar year on their privacy policy or posted to their website and accessible via a link in their privacy policy.

Keep up with CCPA Compliance and Download: Your Guide to California Privacy Law Compliance

How OneTrust Helps

OneTrust Privacy Rights Management (DSAR) solution automates every step of the request process from intake to fulfillment, including data discovery, the redaction of sensitive information that shouldn’t be shared with the requestor, and robust reporting dashboards to track necessary metrics. The tool allows you to view, edit, and export executive dashboards and reports for internal and external review and benchmarking. You can also display metrics in your privacy policy through a pre-built report widget, making compliance with the CCPA metrics reporting requirement an automated part of your DSAR process. Customers can learn how to configure and optimize this feature on MyOneTrust

Further Resources for CCPA Metrics Reporting:

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on ongoing CCPA compliance. 


You may also like

Webinar

Privacy Management

CPRA in action: OneTrust Live Demo

Join us for a deep dive tour of our suite of technology solutions for operationalizing and automating CPRA requirements across Do Not Share, Consumer Rights and privacy governance operations.

August 01, 2024

Learn more

Webinar

Privacy Management

Going beyond CCPA

Join us for an in-depth webinar on "Going Beyond CCPA," where we will explore the intricacies of privacy laws, compare major regulations, and provide guidance on enhancing your privacy policy.

July 25, 2024

Learn more

Webinar

Privacy Management

The evolution of CCPA

Join us for an insightful webinar on "The Evolution of CCPA" where we will delve into the latest amendments, understand their impact, and explore the new requirements and implications for businesses.

July 18, 2024

Learn more

Webinar

Privacy Management

Mastering data privacy: Navigating CCPA, CPRA, and beyond

Mastering Data Privacy: Expert Guidance on CCPA, CPRA, GDPR Compliance, Privacy Policy Best Practices, and Live Demo Insights

July 18, 2024

Learn more

Webinar

Consent & Preferences

Global Privacy Control: CCPA enforcement of GPC opt-out signals webinar

Watch this on-demand webinar to gain an overview of what Global Privacy Control (GPC) is, the benefits of the signal, and how it works.

October 30, 2022

Learn more

Webinar

Privacy Management

Employee vs. consumer rights: Same concept, different reality

Join this webinar to learn about the rights request fulfillment complexities introduced by the end of the employee exclusion in the CPRA.

August 25, 2022

Learn more

White Paper

Privacy & Data Governance

How OneTrust helps with California privacy law compliance (CCPA & CPRA)

This guide to California privacy law compliance helps your organization understand the requirements under the CCPA and CPRA.

June 23, 2022

Learn more

Webinar

Privacy & Data Governance

Know your laws: Comparing CCPA & CPRA vs. GDPR

Watch this free webinar and see how the CCPA and CPRA compare with the GDPR.

January 04, 2022

Learn more

eBook

Privacy & Data Governance

The ultimate guide to CCPA compliance

The Ultimate Guide to CCPA Compliance eBook highlights key compliance areas of  the CCPA that you should consider when building a privacy program.

December 01, 2021

Learn more

Webinar

Privacy Management

CCPA, CPRA, and Global Privacy Control: Moving toward a more private web

Watch this webinar to learn about Global Privacy Control (GPC), how it centralizes user opt-out preferences, and streamlines compliance with CCPA and CPRA. 

September 08, 2021

Learn more

Webinar

Privacy & Data Governance

Breaking update: New California Consumer Privacy Act

This webinar dives into the details of the California Consumer Privacy Act and how it will impact the companies handling their data.

July 23, 2021

Learn more

Infographic

Privacy & Data Governance

CCPA vs. CPRA infographic

Compare California's privacy laws: CCPA vs CPRA in this downloadable infographic.

July 22, 2021

Learn more

Infographic

Privacy Management

CDPA vs CCPA: Comparing US privacy laws

Download this infographic comparing the Virginia CDPA to the California CCPA.

July 22, 2021

Learn more

Webinar

Privacy & Data Governance

CPRA vs CCPA: What you need to know

Join us for a webinar as our legal experts discuss the key differences between the CPRA vs the CCPA.

July 22, 2021

Learn more

Webinar

Privacy Management

CCPA identity verification

In this webinar we explore options for verifying a consumer's identity and how to fully automate this process with OneTrust.

August 13, 2019

Learn more

Webinar

Privacy & Data Governance

CCPA compliance masterclass

Watch our OneTrust CCPA Masterclass Series and learn how to prepare your organization for CCPA compliance.

Learn more