The California Consumer Privacy Act of 2018 (CCPA) defines a clear and specific criteria for what businesses must comply. We’ve outlined the CCPA requirements in What Businesses Must Comply With The CCPA.
The CCPA does not have a small business exception. In fact, many small businesses are surprised to learn that they must in fact comply with the CCPA—even businesses with less than 10 employees and less than $1 million in revenue.
Let’s look at the CCPA criteria more closely to understand why. A business must:
Have annual gross revenues of more than $25 million, or
Buy, sell, or receive the personal information of 50,000 or more consumers, or
Derive 50% or more of their annual revenues from selling personal information
It’s pretty simple to determine if your annual revenue meets the $25 million gross revenue threshold. The other two criteria require a bit more work to evaluate and ultimately increase the number of small businesses impacted by CCPA substantially.
To see if the CCPA applies, small businesses should walk through the following exercises:
How to Calculate If Your Business Meets the 50,000 Consumers Threshold
In this exercise, we walk through how a business’s volume of web visitors can trigger the 50,000 consumer threshold.
How to Calculate If Your Business Meets The 50 Percent of Revenue Requirement
In this exercise, we walk through how a business’s use of interest-based advertising can result in derivative revenues that trigger the 50% revenue threshold.