The California Consumer Privacy Act (“CCPA”) became effective at the start of 2020. Its purpose is to protect the personal identifiable information (“PII”) of California consumers. The bad news for businesses is that the California Consumer Privacy Act’s legal requirements are murky at best. And, even in its infancy, the CCPA has been in a perpetual state of revision. Months after the CCPA became law, businesses are scrambling to answer the question, “Does the CCPA apply to me?”
We’ve endeavored to create a short question and answer list to help you determine whether or not some – or all – of the CCPA applies to your business. Let’s get started!
QUESTION 1: Does your business buy, receive, share, sell, collect, or process, any personally identifiable information of any California consumer?
If yes, continue on!
If no, then the CCPA doesn’t apply to you.
Not sure? Check out our info on “What is Personally Identifiable Information (”PII“)?” and “Who are California Consumers”
QUESTION 2: Are you a “business” as defined by the CCPA?
If your business:
(a) has a gross revenue of $25M or more per year; or
(b) annually buys, receives, shares, or sells 50K or more of California consumers’ PII, or
(c) derives 50% or more of its annual revenues from selling CA consumer PII
then the CCPA applies to you.
If your business does not meet any of these thresholds, you may still be bound by the CCPA’s requirements if you meet the definition of either a “service provider” or “third party”, so read on!
QUESTION 3: Are you a “service provider” as defined by the CCPA?
A “service provider” is:
(a) a for-profit legal entity that
(b) processes California consumer PII
(c) on behalf of a “business” (as defined above)
(d) pursuant to a contract that prohibits the service provider from processing the information for any purpose other than those specified by the “business.”
If one or more of these 4 factors doesn’t apply, then you aren’t considered a “service provider” under the CCPA.
If all 4 factors apply to your company, then please contact a member of our team to determine what aspects of the CCPA apply to your business.
QUESTION 4: Are you a “third-party” as defined by the CCPA?
A “third party” is:
(a) a legal or natural person that is NOT a “business” or a “service provider” (both as defined by the California Consumer Privacy Act); that
(b) receives California consumer PII from a “business.”
If one or both of these factors doesn’t apply, then you aren’t considered a “third party” under the California Consumer Privacy Act.
If both of these factors apply, then please contact a member of our team to determine what aspects of the CCPA apply to your business.
Have other questions regarding the CCPA? Please contact us at privacygroup@carneylaw.com for more assistance!
Disclaimer: This post is for informational/educational purposes only. It is not intended to provide any legal advice.
[responsivevoice_button voice=”UK English Female” buttontext=”Listen to Post”]
By: Ashley Long