Associations and the California Consumer Privacy Act

Sajad Hoffman-Hussain

December 31, 2019

    How best to serve members while protecting their personal information 


    Associations should consider upcoming privacy legislation in California that gives their members ownership, control, and security of their personal information.

    What is the California Consumer Privacy Act?

    The California Consumer Privacy Act (CCPA) protects consumers’ right to privacy who are residents of California, including households and individuals, and applies to companies that do business in the state.

    The act grants individuals living in California certain disclosure, access, and deletion rights with respect to their personal information collected by a business. Under the legislation, businesses must provide certain information to California residents via a privacy notice regarding the collection and use of their personal information.

    The cost of non-compliance can be expensive. California residents may sue a business for security breaches or stop them from selling their personal information in certain circumstances. Organizations can be fined $750 per consumer per data incident with private lawsuits and up to $7,500 per intentional violation by the Regulator as an enforcement penalty. It pays for your association to be aware of what’s needed to stay in compliance with the privacy law. Here’s what you need to know.

    When is it being introduced?

    The CCPA goes into effect on January 1, 2020.

    Who is impacted by the CCPA?

    Associations that meet the following criteria will be affected:

      • Revenue: All organizations that have at least $25 million in annual revenue.
      • People: Organizations that hold personal data about at least 50,000 people.
      • Sales of Personal Data: Organizations that collect more than half of their revenue from the sale of personal data.
      • Physical Presence: Organizations that do business with residents of California. It is important to note that organizations don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States.

    How is the CCPA different from GDPR?

    The CCPA is similar in spirit to the EU’s General Data Protection Regulation (GDPR), but there are minor differences associations will need to understand to assess whether they are affected by one or both of these regulations.

    See Compliance is forever and States to watch for data privacy and protection laws from the American Society of Association Executives for further context on the similarities and differences.

    How can Associations stay compliant with the legislation?
    Associations have a responsibility to their members to protect their sensitive data in a way that is compliant with current legislation and ethical business practices.

    Nimble AMS customers are covered with privacy and data protection benefits that help staff administrators to stay within the law.

    What data protection capabilities does Nimble AMS offer?

    Find out More Information on CCPA

    For more information, visit and

    Secure member data with Nimble AMS

    Learn more about Nimble AMS’s commitment to protecting association members private information by checking out the Help Site, or contacting our Customer Success team.

    Learn more about why Nimble AMS is the most in-demand AMS built on the Salesforce CRM platform.

    More industry insights, delivered to your inbox. Sign up for our blog!

    Recommended for you

    05/28/24 Trailblazing Topics

    How to successfully implement a vision at your association

    5 min read
    05/13/24 Trailblazing Topics

    3 questions to ask at Chicago AMS Fest 2024

    5 min read

    Blog Subscribe

    This will close in 0 seconds