Who exactly is subject to the CCPA?
The CCPA applies to for-profit businesses that handle and process the personal information of California consumers.
There are conditional thresholds dealing with the number of activities and annual revenue.
If any of these are met, then your business will need to be compliant with the CCPA.
The CCPA enhances consumer privacy and protects personal and identifying information.
Although the law was passed in 2018, it only took effect in 2020.
It is often compared to the European Union’s General Data Protection Regulation (GDPR), but as a “lite” or stripped-down form of privacy protection.
Who is subject to the CCPA, therefore, is an important question as it’s crucial that you determine whether or not the act applies to your business.
What are the CCPA thresholds?
The statutes of the CCPA apply to any businesses or organizations that meet all of the following conditions:
- The company is a for-profit business
- The business collects personal information from consumers who reside in California and determines the purposes and means of processing those consumers’ personal information
- Business is conducted in the state of California.
If your business meets all of those criteria, the CCPA will apply if you also meet one of the following:
- Your business has an annual gross revenue of $25 million or more
- You buy, sell, receive, or share the personal information of at least 50,000 California residents, households, or devices annually for commercial purposes
- At least 50% of your annual revenue comes from selling the personal information of California consumers.
Additionally, if your organization has a controlling interest in other companies with a shared brand identity, the CCPA will also apply to those businesses.
What is considered personal information under the CCPA?
The CCPA definition of “personal information” is that which “identifies, relates to, or could reasonably be linked with [a consumer’s] household.”
Examples of this type of information include but are not limited to the following:
- Social security number
- Email address
- Purchase history
- Payment information
- Internet browsing history
- Geolocation data
Plenty of other data types could be ruled to allow the identity of a consumer to be reasonably inferred.
When it comes to CCPA rules, it’s better to protect all consumer data rather than focus only on the data you consider to be “personal information.”
What rights do I have under the CCPA?
If you reside in California, you have certain rights under the CCPA. These rights include:
1. Right to know
You can request that a business disclose all personal information they have collected about you and for what purposes.
2. Right to delete
You can request that the business delete any and all personal information they have collected from you (and make the same request of their service providers).
3. Right to opt-out
You can request that the business stop selling or sharing your personal information via a user-enabled privacy control.
4. Right to correct
You can ask businesses to correct inaccuracies in the personal information they’ve collected.
5. Right to limit use and disclosure of sensitive personal information
You can permit the limited use of your personal information for only the services you’ve requested.
What to do when subject to the CCPA
If you’re now sure of CCPA applicability to your business, there are several measures you can take.
Upon this foundation, you should cover the following areas of compliance:
- Provide notices to California residents either in the policy itself or with a separate notice. This notice must cover the types of data collected and their respective purposes.
- Outline the steps for processing consumer requests; requests under the right to know and the right to delete, and any other requests, must be met within defined timelines.
- Define how to implement the opt-out process for the collection and sale of personal information.
- Establish a CCPA training strategy and educational resources to ensure all employees are compliant.
- Add any additional layers of protection, both virtual (cybersecurity) and physical (on-premises), for the handling of consumer personal data.
This will ensure you are compliant with regulations that may apply specifically to the nature of your business and its data-collecting practices.
How PandaDoc can help with CCPA
Businesses like yours can’t afford to be wrong about CCPA applicability or to get compliance wrong on the first try.
With PandaDoc, generating documents for important subject requests and opt-outs is a piece of cake!
In addition to a plethora of contract and agreement templates, you will also have access to a range of features that assure your company’s compliance with the CCPA, GDPR, and other regulatory requirements.
Sign up for a free trial with PandaDoc and get started today!