The dust had just started to settle on the EU’s game-changing new privacy law known as the GDPR (the General Data Protection Regulation), when California led the way to comprehensive changes in US privacy law, too. Even if you’ve done the work to become GDPR compliant, you may need to do more to keep up with the new California law.
The California legislature passed the CCPA (California Consumer Privacy Act) in 2018, which goes into effect in January of 2020 and puts new requirements on certain businesses who collect personal information from California residents.
If you are a business with an online presence, there’s a good chance that you collect at least some information from California residents. Is that enough to put you under the CCPA’s oversight?
The CCPA applies to for-profit businesses that collect personal information from California residents if at least one of the following is true of the business:
It has gross annual revenues in excess of $25 million;
It buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices;
It derives 50 percent or more of annual revenues from selling consumers’ personal information
Many small businesses don’t meet these thresholds, and the CCPA will not apply. It’s still smart to think about your data collection practices though, since other privacy laws may apply now or in the future. Other US states are working on their own data privacy laws, which will likely have different thresholds and obligations.
So what does the CCPA require, and how is it different from the GDPR? Check out Part II to learn more.
Please note that the above is a high-level overview for your information, and is not intended to be legal advice for your specific situation.
