What is the CCPA?

The California Consumer Privacy Act (CCPA) was approved by the California governor on September 23, 2018. The CCPA will be effective January 1, 2020. The CCPA will provide California residents the right to request a business to delete their personal information and will prohibit businesses from selling personal information without the consumer’s consent.

Who does the CCPA apply to?

The CCPA will apply to businesses and organizations possessing the personal information of California residents, households, or devices that:

(i) have $25 million or more in annual gross revenue;

(ii) possesses, receives, purchases, or sells the personal information of 50,000 or more consumers, households, or devices; and/or

(iii) generates fifty (50%) percent or more of its gross annual revenue from selling the personal information.

While businesses with a direct connection to consumers’ personal information will be affected, service providers will also be liable for the consumer information its company obtained from another business. This means all businesses that provide consumer information to a third party company will be required to be compliant with the CCPA as well. The CCPA defines a service provider as an entity that “processes information on behalf of a business and to which the business discloses a consumer’s personal information for business purpose pursuant to a written contract.

Additionally, the CCPA not only applies to companies with its headquarters in California or with locations in California, but also, it applies to all companies doing business with California residents and fall into one of the above categories.

Learn more on our website about how businesses can be compliant with CCPA, what exceptions exist for companies, how it differs from Europe’s GDPA, and how Evisort can help companies maintain compliance.