Specific thresholds differ from state to state, with many of the new statutes only applying to organizations that control or process personal information relating to at least 100,000 state residents. Many question whether Internet Protocol (IP) addresses are considered personal information, but the California Attorney General refused to clarify that IP addresses could not, by themselves, constitute personal information under the California Consumer Privacy Act (CCPA). This is, instead, a fact-specific question.
