Compliance evidence
CCPA — domain & certificate controls
Applies to: businesses operating in California that meet revenue / data-volume thresholds.
Authority: California Attorney General / CPPA
What CCPA actually requires
CCPA (as amended by CPRA) requires businesses to implement and maintain 'reasonable security procedures and practices appropriate to the nature of the personal information.' California courts and regulators have interpreted 'reasonable security' to include industry-standard encryption in transit — i.e., current, trusted TLS certificates.
Full name: CCPA/CPRA (California Consumer Privacy Act, as amended).
Controls that touch certificates and domains
These are the 2 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
| Cal. Civ. Code § 1798.81.5 | Reasonable security procedures | Encryption in transit via valid TLS certs is a baseline reasonable practice. |
| Cal. Civ. Code § 1798.150 | Private right of action after a data breach | Plaintiffs will point to lapsed certs as failure of reasonable security. |
What the evidence pack contains
CertRadar’s one-click export for CCPA includes:
- Evidence of industry-standard encryption on all consumer-facing systems
- Monitoring log demonstrating ongoing maintenance of reasonable security
Example domains in CCPA scope
Representative domains often monitored for CCPA evidence.
Ship the CCPA evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to CCPA controls. Beta in weeks. Early members get a lifetime Pro discount.