The California Consumer Privacy Act (CCPA) went into effect July 1, and companies are still trying to figure out exactly what is required of them. The original date for the law to go into effect was Jan. 1, 2020, but given the ongoing uncertainty regarding how to comply and the slow progress made by many companies, California’s attorney general moved the deadline back six months.
Now, perhaps the strongest data privacy law in the country is in effect, and there are a few things companies should be aware of. The first is being really clear about whether the law affects your company. According to Dov Goldman, director of risk and compliance at Panorays, “CCPA applies to companies that do business with California residents, whether the organization has a California office or not, and where at least one of the following is true:
“Revenue of greater than $25 million;
“Buy, sell, or share the personal information of at least 50,000 consumers, households, or devices, which do not all have to be from California;
“Derive 50% of its annual revenue from selling personal information.”