U.S. Consumer Privacy

Overview

Comprehensive data privacy regulation is now a reality in the United States. From the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) to the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CoPA) to the host of industry and subject matter-specific regulations in place at the state and federal levels, our dedicated privacy compliance attorneys know this space inside and out. We have guided hundreds of companies through the compliance process, provide strategic advice on every aspect of consumer privacy, and are leading advocates for businesses facing regulatory investigations and consumer lawsuits. We proactively monitor new developments in this dynamic area of regulation and help our clients stay ahead of the curve.

What You Need to Know

When the CCPA took effect in January 2020, it ushered in a new era for privacy laws in the United States. Beyond regulation of specific types of information or specific industries, the CCPA’s protections apply to all California residents, regardless of their relationship with a business, the industry in which the business operates, or whether the business collects personal information online or offline. The CPRA further expanded consumer privacy rights, created additional requirements for businesses, established a new enforcement agency dedicated to data privacy, and will end exemptions for personal information collected from employees, job applicants and business-to-business contacts. 

Meanwhile, California is no longer alone in enacting comprehensive consumer privacy laws. When the VCDPA and CoPA take effect in 2023, more than 16 percent of the U.S. population will have the right to ask businesses what personal information is held about them, to delete or correct that information, and to limit certain uses and sharing, among other rights. With dozens of comprehensive privacy bills pending in state legislatures, other states will drive even further expansion of this type of regulation. While there are many commonalities that can be leveraged for compliance with these laws, it is critical to know the details of each, the nuances of when they apply, and how they fit with other privacy laws like the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach-Bliley Act (GLBA).

At its core, compliance with consumer privacy laws requires a thorough understanding of how your business collects and uses personal information; how it shares personal information with business partners, vendors and others; the rights available to consumers; and what actions must be taken on personal information the business holds in order to delete it, correct it or provide a portable copy to a consumer.

How We Can Help

Compliance

Our privacy compliance attorneys are deeply familiar with the implications of the California, Virginia and Colorado privacy laws as well as legislative proposals in many other states. We provide clients with customized, practical advice that includes:

  • Compliance readiness assessments
  • Compliance program development and implementation
  • Inventory data and mapping data flows
  • Privacy policies and notices
  • Processing and responding to consumer rights requests
  • Privacy and data security assessments
  • Risk management
  • Vendor contract negotiation and drafting
  • Tracking legislative and regulatory developments
  • Due diligence for mergers, acquisitions and other transactions
  • Identifying, engaging and managing privacy and technology consultants and solutions

We provide privacy guidance for companies across all industries, including:

  • Advertising, marketing and digital media
  • Retail
  • Manufacturing
  • Hospitality
  • Technology, including software as a service
  • Healthcare
  • Financial services/wealth management
  • Human resource services and employee benefit providers
  • Professional services organizations
  • Real estate

We have helped hundreds of clients develop, implement and operate CCPA- and CPRA-compliant consumer privacy programs. We leverage this experience and our deep knowledge of the EU General Data Protection Regulation to assist clients as they work through the complexities of complying with VCDPA, CoPA and other new legislation. Combining our strength in privacy and advertising law, we also help publishers, advertisers and ad tech companies address complex issues regarding the impact of CCPA/CPRA on digital advertising, and work with the leading trade associations in this regard.

Enforcement

When the California Attorney General began enforcement of the CCPA on July 1, 2020, our firm was there to defend businesses caught in the first wave of enforcement. Businesses facing regulatory scrutiny continue to seek our unique knowledge in this regard, which includes:

  • Compliance readiness assessment
  • Compliance program development and implementation
  • Inventory data and mapping data flows
  • Privacy and data security assessments
  • Risk management
  • Tracking legislative and regulatory developments
  • Vendor contract drafting and review

Whatever the future brings in terms of new regulators like the California Privacy Protection Agency or new privacy laws that may include a private right of action, our regulatory and litigation teams will be at the ready to advocate for our clients.

Professionals

Name Title Office Email
Associate San Francisco
Associate New York
Associate Costa Mesa
Partner Atlanta
Associate San Francisco
Partner Dallas
Partner Denver
Associate Atlanta
Partner Los Angeles
Partner New York
Partner Philadelphia
Partner San Francisco
Partner New York
Associate New York

News

News

Blog Posts

Blog

In The Blogs

Previous Next
Data Counsel
8 Key Takeaways for Initial Defenses Under the CCPA and CPRA
By Stanton P. Burke, Casie D. Collignon, Jeewon K. Serrato
October 7, 2021
Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking...
Read More ->
Data Counsel
Virginia Becomes the Second State with a Comprehensive Privacy Law
March 2, 2021
Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and General Data...
Read More ->
Data Counsel
Virginia Poised to Enact the Consumer Data Protection Act, the Nation's Second Comprehensive Consumer Privacy Law
February 17, 2021
Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s...
Read More ->
Data Counsel
AdTech Under the CCPA and CPRA
February 15, 2021
Please join us for a follow-up discussion on AdTech Under the CCPA and CPRA, originally presented as part of the PrivacyOC Privacy Week Forums 2021. Speakers Alan Friel and Kyle Fath will discuss four seemingly overlapping consumer rights...
Read More ->
Data Counsel
California AG Becerra Tweets Endorsement for a Universal Opt-Out Tool
By Taylor A. Bloom
February 8, 2021
On Jan. 28, California Attorney General Becerra tweeted his support for a newly developed privacy tool that may function as a means for universal opt out. “#CCPA requires businesses to treat a user-enabled global privacy control as a...
Read More ->