it is de facto national because California has the most people and is insanely wealthy; there is no F500 company handling broad consumer data that does not have a presence or customers there.

there have already been CCPA enforcements against companies like Tractor Supply, Sephora, Honda, and Google (tho the GOOG was more of a "violated a lot of stuff including CCPA").

It doesn't have enough teeth to scare FAANGs, who have the money and technical ability to do whatever, but it can definitely keep companies in line.

source: did CCPA compliance and security at multiple F500

Even if there was, under the current regime, the probability of it being enforced is near-zero, especially if you are in the good graces of the child king.