Does the CCPA Apply to Your Organization?
Have you heard about the new California data privacy law, called the California Consumer Privacy Act?
Are you unsure whether this new law applies to your company?
You’ve come to the right place. Let’s figure this out.
First of all, you should be aware that the CCPA went into effect on January 1st, 2020, and enforcement began on July 1st, 2020. So now is the time to determine whether your company is subject to this law, and what you might need to do to comply with it.
The first step in determining whether or not the CCPA applies to your business is to identify whether your company collects, stores or transfers personal information for California residents.
In this case, personal information means information that could identify a natural person. That would be names, email addresses, phone numbers, physical addresses, IP addresses, and that sort of thing. So if you're collecting, storing or transferring that kind of information about California residents, the CCPA could apply to your business.
The second step is to determine if one of three scenarios applies to your business.
The first scenario: does your company take in over $25 million in revenue per year? If the answer is yes, then the CCPA does apply to your business.
The second scenario: does your business process personal information for at least 50,000 California residents? If that's the case, then the CCPA applies to your company.
The third scenario: does more than 50% of your annual revenue comes from selling California resident personal information? If the answer to that is yes, then the CCPA applies to your business.
If you've figured out through the answers to these questions that the CCPA does in fact apply to your business, you will need to take specific steps to make sure you comply with CCPA requirements.
The next few blog posts will talk about some common misconceptions about the CCPA, what you need to do to comply with it, and how to fully implement a CCPA compliance program.