Articles summarizing CCPA often state that it applies to for-profit businesses that do business in California that satisfy certain criteria, and they fail to ever mention that CCPA does apply to some non-profits.
The CCPA defines “business” as “a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumers’ personal information, or on the behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California, and that satisfies one or more of the following thresholders…[annual gross revenue in excess of $25M; buys/receives/sells/shares personal information of 50K or more consumers; or derives 50 percent or more of its annual revenues from selling consumers’ personal information].” See CA 1798.140(c)(1).
However, the statute does not stop there. It goes on to explain instances when a non-profit could be subject to CCPA. Specifically, if the non-profit entity controls or is controlled by an entity that qualifies as a “business” under CCPA (i.e., meets the above criteria), and shares common branding with that business, then the non-profit is subject to CCPA.
“Control” or “controlled” is defined broadly by CCPA as “ownership of, or the power to vote, more than 50 percent of the outstanding shares of any class of voting security of a business; control in any manner over the election of a majority of the directors, or of individuals exercising similar functions; or the power to exercise controlling influence over the management of a company” (emphasis added). What “the power to exercise controlling influence over the management of a company” means is yet to be determined.
“Common branding” is defined by CCPA as “a shared name, servicemark, or trademark.”
If you need help determining whether your non-profit is exempt from CCPA, please contact us at privacy@rothwellfigg.com.