• Solutions for managing the intersection of cybersecurity, vendors/supply chain, and data privacy risks.


The California Consumer Privacy Act (CCPA), which was signed into law in June 2018, is the first United States law following in the footsteps of GDPR. And before you assume that the CCPA will not affect you because your business is not located in California, know that companies both inside and outside of California will be affected by its the requirements.

The CCPA extends the protections and rights thereunder to California residents, which is defined as any natural person “enjoying the benefit and protection of laws and government” of California who is in California “for other than a temporary or transitory purpose” or “domiciled” in California but “outside the State for a temporary or transitory purpose.”

The CCPA applies to for-profit entities that both collect and process the Personal Information of California residents and do business in the State of California. However, a physical presence in California is not a requirement, and it appears that making sales in the state would be sufficient. Additionally, the business must meet at least one of the following criteria in order for the CCPA to apply:

  • The business must generate annual gross revenue in excess of $25 million,
  • The business must receive or share personal information of more than 50,000 California residents annually, or
  • The business must derive at least 50 percent of its annual revenue by selling the personal information of California residents.

Rofori can help you understand CCPA and its impact on your business.

Let DEFCON™ Cybersecurity Risk Assessment and DEFCON™ Data Privacy Risk Management solutions help you to better navigate and assess your cybersecurity practices, vendor due diligence, and compliance readiness!

Contact Us