Over the last several weeks, you may have noticed that your email account has been inundated with notices that websites are updating their privacy policies. This is most likely because the California Consumer Privacy Act of 2018 (CCPA) went live on January 1, 2020. The CCPA gives California residents additional rights regarding how their personal information is collected, used, stored, sold, and disclosed. If you qualify as a “business” under the CCPA, you will have to comply with its regulations. At a minimum, you will probably need to update your privacy policy (hence all of the emails that you have been getting!).

Hopefully this blog post can answer some of your questions regarding the CCPA and whether you will need to comply with it

Why are there so many privacy laws, what’s the point?

Privacy laws such as the CCPA and the European Union’s General Data Protection Regulation (GDPR) all center around the same idea: Your personal information is your personal property and you have a right to determine if and how others may use it.

In simple terms: You wouldn’t let someone use your car unless you gave them permission, knew where they were taking it, and knew if they would be lending the car to anyone else, right? The same is true with personal information.

Individuals who are protected under the CCPA (and GDPR) have the right to know whether their personal information is being collected, what it will be used for, and who it will be shared with.

Does the CCPA apply to me?

The CCPA applies to “businesses,” as defined in the CCPA. If you don’t meet the definition of a business, you’re probably safe to assume you don’t need to comply with the CCPA. Remember, you may still need to comply with the GDPR.

Generally speaking, you will need to comply with the CCPA if:

  1. You are a for-profit legal entity (e.g. sole proprietorship, partnership, LLC, corporation)
  2. You collect or receive California residents’ personal information (e.g. either directly from the individual or through other means like cookies)
  3. You do business in California and
  4. You satisfy one or more of the following:
    1. Have annual gross revenues in excess of $25 million
    1. Annually buy, receive, sell, or share the personal information of 50,000 or more California residents
    1. Derive 50% or more of your income from selling California resident’s personal information

If you do not meet the definition of “business” but are controlled by an entity that does meet the definition, then you may be subject to the CCPA (see #3 below).

For a full definition of “business” under the CCPA please visit the following link.

I am a non-profit corporation, am I exempt from complying with the CCPA?

The CCPA generally applies to for-profit entities. Specifically, the CCPA applies to legal entities that are “organized or operated for the profit or financial benefit of [their] shareholders, or other owners.” Under this definition, nonprofits will be exempt.

However, if a nonprofit is controlled by a business that satisfies the definition in Question 2 and shares “common branding,” with that business, the nonprofit would be subject to the CCPA.  Control generally means that the business (1) owns/has the power to vote more than 50% of the outstanding shares (2) controls in any manner the election of a majority of directors or (3) has the power to exercise controlling influence over the management of the company. “Common branding” means a shared name, servicemark, or trademark.

If you think that the CCPA might apply to you, or to learn more, please feel free to contact us at the Apex Law Group!

The article provided above is for general information purposes only and should not be relied on as specific legal advice. This article does not form an attorney-client relationship. If you have any questions or would like to hear more about how Apex can help you please contact Peter J. Smith

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top