An alliance of nonprofit organizations hopes to confirm that nonprofits are not covered by the recent data privacy bill passed in California. The act’s language is currently considered vague enough to require some sort of confirmation. The covered entities include:
… any entity around the world that does business in California, collects California consumers’ personal information, and satisfies one or more of the following thresholds: annual gross revenue of USD 25 million; buys, receives, sells, or shares the personal information of 50,000 Californian consumers or more Californian consumers; and/or derives more than 50 percent of its revenue for selling consumers’ personal information.
Taken literally, this would exclude small businesses, nonprofits and any entity that does not sell or share personal data. The act was passed quickly, with little opportunity for feedback from interest groups, with the intention to revisit the language to tweak as necessary.