CCPA Crosswalk by BakerHostetler


Crosswalk (XLSX)


Resource Identifier: CCPA Crosswalk by BakerHostetler 
Source: California Consumer Privacy Act of 2018
Contributor: BakerHostetler (Jeewon Serrato)
Contributor GitHub Username: @jeewonserrato
Date First Posted: January 14, 2021
Date Last Verified or Updated: n/a
Related Documentation: For the latest on the CCPA and CCPA rulemaking activities, see the California Office of the Attorney General CCPA Homepage:
Contributor Notes: CCPA went into effect on January 1, 2020 and enforcement began on July 1, 2020.  The California Office of the Attorney General is continuing its rulemaking and the California legislature is also continuing to enact amendments to the law.  The CCPA was also amended in a significant way through a citizens ballot initiative (California Privacy Rights Act or CPRA).  This CCPA Crosswalk maps the NIST Privacy Framework to the CCPA but adds notes to alert the readers to changes that were included in the CPRA, which for the most part become enforceable in 2023.  Readers will also notice that many of the Privacy Framework’s subcategories that are risk-based do not map neatly to the CCPA.  The CCPA includes a number of thresholds in terms of scope and applicability; however, once the threshold is met, CCPA obligations are largely not risk-based and should be understood as legal requirements.  I have noted sections within the CCPA that would help the readers map certain risk-based subcategories to the CCPA.  To the extent the CCPA is continuing to be amended, rulemaking is revised and the CPRA rulemaking will begin in 2021, I welcome comments and edits to this crosswalk.  I am currently serving as Chair of the Privacy Law Section of the California Lawyers Association (CLA) and invite privacy practitioners interested in monitoring legislative and rulemaking activities in California to join the state bar association.  This crosswalk will be updated with the assistance of CLA Privacy Law Section members. CLA Privacy Law Section Webpage:

Disclaimer: While every effort has been made to be complete and provide as much detail as necessary, no guarantee or warranty is provided on the accuracy or completeness of this mapping. You should use it as a starting point for your own analysis. The information provided on this crosswalk does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this crosswalk are for general informational purposes only. Information on this crosswalk may not constitute the most up-to-date legal or other information. Any links to third-party websites or sources are provided only for the convenience of the reader. Readers should contact their attorney to obtain advice with respect to any particular legal matter. Use of, and access to, this crosswalk or any of the links or resources contained within this crosswalk do not create an attorney-client relationship between the reader and contributor, contributing law firms, or other affiliated members or employees and respective employers.


There is no discussion at this time for this resource.

You can share feedback, ask questions, or request clarifications about this resource. You will need the resource identifier and contributor’s GitHub username.


Created January 13, 2021, Updated July 23, 2021