This new regulation applies to all for-profit businesses that collect and control the personal information of California residents, do business in the state of California, and either (a) earn $25,000,000 a year in revenue, (b) buy or sell 50,000 consumer records each year, or (c) derive at least 50% of their annual revenue by selling the personal information. All businesses that meet these conditions must comply, whether they are located in California, a different state or even a different country.
As a result, these organizations will have to drastically improve their IT security and information management processes to be ready for consumers to start exercising their rights starting from January 1, 2020, when the CCPA comes into full force.
