CCPA/CPRA Compliance Audit

Identify gaps in your California privacy compliance before a $7,500-per-violation enforcement action finds them

$2499 — Per audit engagement Turnaround: 7-10 business days

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give California residents extensive rights over their personal information. Enforcement is ramping up — the California Privacy Protection Agency (CPPA) issued $345,000 in fines against a single retailer in 2025 for inadequate opt-out systems. Privacy litigation has doubled since 2020. Performance West conducts comprehensive CCPA/CPRA audits covering your data collection practices, privacy notices, opt-out mechanisms, consumer rights request processes, vendor contracts, and data security measures. We assess compliance against current CCPA/CPRA requirements including the latest CPPA regulations. Our audit covers all businesses that meet CCPA thresholds (annual gross revenue over $25 million, or handling data of 100,000+ California residents, or deriving 50%+ revenue from selling personal information). Even businesses below these thresholds increasingly adopt CCPA standards as a baseline.

Risk if non-compliant

CCPA statutory penalties are $2,500-$7,500 per violation, where each affected consumer counts as a separate violation. A data breach affecting 10,000 Californians could mean $25M-$75M in statutory penalties.

Potential penalties

  • Statutory penalties: $2,500 per unintentional violation
  • $7,500 per intentional violation
  • Each consumer = separate violation
  • Private right of action for data breaches ($100-$750 per consumer)
  • CPPA enforcement actions and audits
  • Class action lawsuits for systematic violations

What we deliver

  • Map all personal information collection and processing
  • Review privacy notices and disclosures for completeness
  • Test opt-out and do-not-sell mechanisms
  • Audit consumer rights request handling processes
  • Review vendor and service provider contracts
  • Assess data security measures (reasonable security standard)
  • Evaluate cookie and tracking technology compliance
  • Deliver gap analysis with prioritized remediation plan

Frequently asked questions

Does CCPA apply to my business?

CCPA applies if you do business in California AND meet any one of three thresholds: $25M+ annual revenue, handle data of 100K+ California residents, or derive 50%+ revenue from selling personal information.

What about other state privacy laws?

We also assess compliance with other state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, etc.). Many states are adopting CCPA-like requirements.

We don't sell data. Does CCPA still apply?

CCPA defines 'selling' broadly to include sharing data for cross-context behavioral advertising. If you use targeted advertising cookies, you may be 'selling' data under CCPA.

Do you provide legal advice on CCPA?

No. We provide compliance gap assessments and remediation recommendations. For legal interpretation of CCPA requirements, consult a privacy attorney.

Ready to get started?

Contact us to discuss your compliance needs or request a quote.

Get started View pricing

Or call us: 1-888-411-0383

Stay ahead of compliance changes

Regulatory updates, enforcement trends, and compliance tips. No spam.

How can we help?

Choose a category and tell us what you need.