Who is required to follow CCPA?

- [Narrator] You may think that if your business is outside of California, you aren't subject to CCPA. You'd be wrong. Let's look at the three situations that require compliance to the act, as well as some exceptions. The first is if you're a business located in California and have gross annual revenues that exceed $25 million. That means the revenue of your company, not the profit, which reduces revenue by its expenses. The second scenario is based on the number of components involved being more than 50,000. Components are consumers like John and Jane, households, the family that lives in the Smith home, or devices such as mobile phones and computers that have IP addresses. In this scenario, if you're a business that buys, receives, or sells the personal information of others and it includes any combination of these components, then you'd need to comply. It's important to note that it's a combination of all three of these components that make you subject to the act. For example, you have 25,000 consumers, 10,000 households, and 15,000 devices, which add up to 50,000 components, you'd need to comply. The final condition that businesses need to consider under CCPA is profiting from selling consumers' personal information. If a company derives 50% or more of its annual revenue from the sale of consumers' personal information, then they'd be required to follow the requirements of the act. Now, remember, your business doesn't necessarily have to be located in California to be subject to the CCPA. While the first condition of annual revenues greater than $25 million is specific to businesses in California, the other two conditions around volume of residents and revenue from selling personal information can apply to businesses anywhere in the world. Here's an example, if you own Granny's Homemade Candle Shop in California, and you only service 100 customers per month, you probably aren't subject to CCPA. However, if you're a part of a consumer survey website in Denmark that sells data to a large analytics organization for profit, you'd most likely need to comply. There are some organizations that are exempt. Insurance institutions, their agents, and support organizations are already bound by very similar regulations to CCPA under another California act called the Insurance Information and Privacy Protection Act, or IIPPA. For this reason, there was an amendment made to the California Consumer Privacy Act in April, 2020 providing an exemption for insurance organizations. There are three specific scenarios that businesses may find themselves in that require compliance to CCPA. Make sure to validate your business against those situations to determine CCPA's applicability to you.