CCPA Compliance: Who Must Follow the California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that went into effect on January 1, 2020. In this article, we'll break down who is required to follow the CCPA and what it means for your business.
The law aims to protect the personal data of California residents by giving them more control over their data and increasing transparency around data collection and use.
But who must comply with the CCPA?
Who Must Comply with the CCPA?
The CCPA applies to businesses that:
- Collect personal information from California residents.
- Have annual gross revenues of $25 million or more.
- Buy, sell, or share the personal information of 50,000 or more California residents.
- Derive 50% or more of their annual revenue from selling California residents' personal information.
The CCPA also applies to businesses that:
- Are subject to the Gramm-Leach-Bliley Act (GLBA) and have annual gross revenues of $25 million or more.
- Are subject to the Health Insurance Portability and Accountability Act (HIPAA) and have annual gross revenues of $25 million or more.
It's worth noting that the CCPA does not apply to:
- Non-profits.
- Government agencies.
- Small businesses with annual gross revenues of less than $25 million.
- Businesses that only collect personal information from California residents for a single, one-time transaction.
If your business is required to comply with the CCPA, you'll need to take steps to ensure you're in compliance with the law. This includes:
- Providing clear and conspicuous notice to California residents about your data collection and use practices.
- Granting California residents the right to request access to their personal information and the right to request deletion of their personal information.
- Implementing reasonable security measures to protect personal information from unauthorized access, theft, or disclosure.
- Complying with the CCPA's requirements for data breaches and notifications.
By understanding who must comply with the CCPA and what it means for your business, you can take steps to ensure you're in compliance with the law and protect the personal data of California residents.