Any enterprise, regardless of location, which collects or processes personal data of California residents are subject to CCPA regulations if they meet one of the following criteria:

• Revenue above $25 million

• Make 50% or more of revenue from the selling of consumers personal information

• Receives, buys or sells 50’000 or more consumers or household's personal information

Salesforce serves as a system of engagement and customer interaction for businesses. This makes it a significant data store of Personally Identifiable Information (PII) such as

• Lead, Contact, User

• Person Account, Household

• Case, Opportunity, Quote, Order etc. 

​In addition, custom and managed package objects also store PII and often require CCPA compliance.

​Data privacy challenges for Salesforce customers are common across industries and company size, and require capabilities to standardize, streamline and automate.

There are three main business considerations for CCPA:

• Disclosures

• Consumer requests

• Opt-outs

CCPA outlines three basic rights for consumers; The Right To Knowledge, Right To Be Forgotten, and The Right To Control who has access to their personal information.