Home » IT & Tech Blogs » Information Technology » Business » How CCPA Affects Businesses Outside Of California

How CCPA Affects Businesses Outside Of California

Many countries around the world have data privacy laws that require businesses to protect personal information with utmost care. Not having an active privacy policy not only attracts costly legal battles and substantial fines imposed by the federal government, but it also widens the gap between brand promises and consumer trust.

If you’re operating a for-profit business in California or if you are collecting personal information relating to consumers that reside in this state, the California Consumer Privacy Act (CCPA) is one law that you can’t afford to ignore. If you haven’t heard about this new law just yet, there’s no better time to familiarize yourself with it than now. In this article, we’ve outlined important aspects of CCPA that you should know about, including what this law is and how it affects your business.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that outlines strict requirements for companies that collect personal private data. Touted as the strongest privacy legislation enacted in the United States so far, CCPA is akin to the EU’s General Data Protection Regulation (GDPR) due to its comprehensive approach to privacy protection.

While the CCPA went into effect on January 1, 2020, the office of the California attorney general will not take any legal action against businesses that will not have complied until July 1, 2020. This new law applies to for-profit businesses that handle personal information of California-based consumers, business-to-consumer contacts, or employees and that meet any of the following statutory thresholds:

  • Gross revenues of $25 per year
  • Collect, buy, receive, sell, or share personal information of at least 50,000 California-based consumers, devices, or households for commercial purposes,
  • Gain at least 50 percent of its annual gross revenues from selling consumer’s personal data.

While the applicable thresholds exclude many small and midsize companies, a business could meet the second threshold if it attracts at least 140 California-based consumers per day through its website. Furthermore, subsidiaries that share the same branding with their parent companies are also required to comply with the CCPA law even if they themselves do not meet the applicable thresholds.

How CCPA Affects Your Business

If you thought that the CCPA doesn’t apply to you because your business has no physical presence in California, think again. Although California-based companies are directly affected by this law, companies outside of California will also be affected if they meet any of the three statutory thresholds.

According to the International Association of Privacy, the CCPA could affect more than half a million businesses in the United States. With similar laws manifesting in many other states, all companies from all states will have to comply with some sort of data privacy law in the near future.

For companies affected by the CCPA law, the burden of complying is very real. Some of the obligations that your company must meet include:

  • You must publish a Privacy Policy that complies with CCPA regulations
  • You must update your Privacy Policy at least once per year
  • You must have a “Do Not Sell My Personal Information” page if your business sells personal data
  • Inform consumers about what happens to the personal information after they share it with you
  • Preserve a data inventory to outline your history of personal data processing
  • Ensure that consumers are conversant with their rights under the CCPA
  • Alert consumers before or at the time you’re collecting their personal data that you want permission to collect their data
  • Grant consumers the right to access the personal data that you have on them
  • Give details of how consumers can request for your business to erase their personal data

What Must Your Business Do Now?

A good starting point is to take stock of your data and determine what type of data your company is collecting, what you are doing with it, with whom you are sharing it, and where you store it. If you already have a data privacy policy in place, you may need to update it, even if it complies with the GDPR regulations. In other words, it is important to review your data privacy policies and practices to conform to the CCPA regulations.

After putting your house in order, you should take the time to identify all third parties and vendors that receive consumers’ personal data from your business. After you’ve identified them, be sure to add proper contract terms to deal with the CCPA, including terms relating to the use or disclosure of personal data obtained from your business. This is to make it clear that your business is not making your customers’ personal information available for sale to vendors.


Business owners and leaders can expect the CCPA to evolve in the coming months and years. With many states joining the privacy regulation bandwagon, businesses across the United States should seriously consider becoming compliant. Provided that regulatory change in the region will be constant, it makes more sense building a dynamic privacy policy that can easily adjust to changes as they occur.

Originally posted 2020-02-26 23:05:26. Republished by Blog Post Promoter

Check Also

7 Tips to Help Your Biz Work More Efficiently

When it comes to the fast-paced world of business, efficiency is the most important factor. …

Information Technology Blog

Accessibility Tools