Does CCPA Apply to Nonprofits?

The California Consumer Privacy Act of 2018 (“CCPA”) is a law that grants California residents new rights to know about and control the collection, sharing, and sale of a broad array of personal information.

The CCPA requires certain businesses to honor these consumer rights. It generally applies to for-profit businesses that do business in California and fulfill one of the following requirements:

  • Have annual gross revenues of more than $25 million
  • Buy, sell, or receive the personal information of 50,000 or more consumers
  • Derive 50% or more of their annual revenues from selling personal information.

However, the CCPA will also apply to other entities, including some non-profit organizations.

Any entity, including a non-profit, that controls or is controlled by a business that meets any of the above requirements must comply with the CCPA if it shares common branding with the for-profit business that it controls or is controlled by.

Control means ownership of, or the power to vote, more than 50 percent of the outstanding shares of any class of voting security of a business; control in any manner over the election of a majority of the directors, or of individuals exercising similar functions; or the power to exercise a controlling influence over the management of a company.

Common branding means a shared name, servicemark, or trademark.