Written by Charles Weaver, CEO of MSPAlliance
We have previously written and discussed CCPA for the last year, but 2020 will soon be here, and that means CCPA compliance will be the law. MSPs operating within the state of California are implicated in this data protection law. However, MSPs outside the state also need to pay attention to the law many are calling "GDPR for the United States".
Let's examine how this law could impact MSPs and what you should be doing to prepare.
What is CCPA?
California Consumer Privacy Act (CCPA) is a law intended to protect individuals against the misuse of their data by third parties. CCPA defines “personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” If this sounds like a very expansive definition of personal data, you are right. In many ways, CCPA has a broader view of personal data than GDPR does.
Does CCPA Apply to me?
Here is a list of the companies having to comply with CCPA.
- For-profit companies with greater than $25 million in revenues.
- Companies who buy, receive, sell, or share consumer data from 50,000 or more consumers, households, or devices, or,
- Companies that gain a majority of their annual revenue from the selling of personal data.
For those of you paying attention, there is no requirement that your company has a presence in California for CCPA to apply to you. CCPA was intended to have a wide reach, just like GDPR.
Does CCPA Impact Me?
In the broader context, the answer is yes, CCPA will be impacting you even if you do not notice it. Some companies are preparing for CCPA by eliminating any distinction between their California and non-California business customers.
For example, Microsoft recently stated in a blog post that the company would be complying with CCPA everywhere in the United States.

