U.S. Consumer Privacy and the CCPA

Overview

CCPA Deadline

For more information on becoming prepared for the CCPA and a recently effective NV privacy law, please contact Alan Friel.

The California Consumer Privacy Act (CCPA) is scheduled to become effective on January 1, 2020, bringing unprecedented change to the U.S. data protection law landscape. Businesses that are not fully prepared to comply with the CCPA’s sweeping restrictions on the handling of consumers’ personal information face severe financial penalties. The CCPA is the first of what is likely to be a coming wave of consumer data privacy regulations at the state and even federal level, much as the General Data Protection Regulation (GDPR) is changing how business is done in the EU.

Our nationally ranked and highly respected Privacy and Data Protection team is deeply familiar with the implications of the CCPA and other legislative proposals and we provide clients with customized, practical advice regarding:

  • Compliance readiness assessment
  • Compliance program development and implementation
  • Inventory data and mapping data flows
  • Privacy and data security assessments
  • Risk management
  • Tracking legislative and regulatory developments
  • Vendor contract drafting and review
  • Identifying, engaging and managing IT consultants and solutions

Time is short. Companies subject to the CCPA should begin mapping their inventories of personal information and identifying all collection, uses, sales and sharing of that information given that the CCPA includes requirements that are subject to a 12-month lookback (i.e., to January 1, 2019).

We provide guidance on the CCPA and privacy compliance issues for companies across industries, including:

  • Advertising, marketing and digital media
  • Financial services/wealth management
  • Healthcare
  • Hospitality
  • Human resource services and employee benefit providers
  • Manufacturing
  • Professional services organizations
  • Real estate
  • Retail
  • Software and Software-As-a-Service providers
  • Technology

We have developed hundreds of privacy notices, policies and compliance programs pursuant to various U.S. laws and self-regulatory programs. Our team has counseled more than 175 clients on GDPR compliance, including through the development and implementation of internal programs and policies and we leverage this experience to assist clients as they work through the complexities of complying with the CCPA and other legislation.

The CCPA and other proposed state and federal legislation are similar in certain ways to the GDPR, but each has differing provisions that will require even businesses that are already GDPR-compliant to undertake new data privacy efforts.

What You Need to Know about the CCPA
  • CCPA’s protections apply to all California residents, regardless of their relationship with an organization (e.g., employees, customers, business leads) or whether their personal information is collected online or offline.
  • Companies that handle personal information – any information that identifies a consumer or household – of as few as 50,000 devices, individuals or households annually may be subject to the act.
  • Businesses with revenues of $25 million or more may have compliance obligations no matter how much personal information they collect from Californians.
  • The CCPA provides California residents with a right to be informed of the categories of personal information that a business collects or otherwise receives, sells or discloses about them; the purposes for these activities; and the categories of parties to which their personal information is disclosed.
  • The Act also grants California residents the right to request more detailed information about the personal information a business holds specifically about them, and the right to obtain portable copies of their personal information from the business.
  • The CCPA gives Californians the right to prohibit a business from selling their personal information, and to request that a business delete their personal information.
  • Violations of the CCPA are enforceable by the California Attorney General, who may bring actions for civil penalties of $2,500 per violation, or up to $7,500 per intentional violation.
  • Notably, the CCPA includes a private right of action with the potential for statutory damages, though as currently drafted this remedy is most likely intended to be limited to certain types of data security incidents.

Professionals

Name Title Office Email
Associate New York
Associate Costa Mesa
Partner Atlanta
Associate Denver
Associate New York
Partner Los Angeles
Associate Atlanta
Partner Los Angeles
Associate Seattle
Associate Los Angeles
Associate Los Angeles
Partner New York
Partner Philadelphia
Associate Atlanta
Associate Costa Mesa
Partner New York
Partner Washington, D.C.
Associate New York

News

News

Press Releases

Publications

Alerts

Articles

Blog Posts

Key Contacts

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Children's Privacy Law Updates: Tricks or Treats?
By Carolina A. Alonso
October 31, 2019
It’s finally here! Halloween, the day every kid dreams of for months. It’s a scary time in the world of children’s privacy law – what with the California Consumer Privacy Act (CCPA) lurking around the corner and the specter of FTC...
Read More ->
Data Privacy Monitor
IAB Releases Draft CCPA Compliance Framework for Digital Advertising Industry
By Kyle R. Fath
October 25, 2019
The Interactive Advertising Bureau (IAB) publicly released its draft CCPA Compliance Framework for Publishers and Technology Companies (“Framework”) on Oct. 22, 2019. As we reported here, the Framework is being developed by the IAB and the...
Read More ->
Data Privacy Monitor
A Balancing Act: A Brief Overview of California Privacy Laws
By Kamran Salour
October 23, 2019
The California Consumer Privacy Act (“CCPA”) takes effect on January 1, 2020. The CCPA aims to provide consumers with an unprecedented array of rights concerning the control of their personal information and, correspondingly, imposes an...
Read More ->
Data Privacy Monitor
Just When You Thought It Was Safe to Go Back into the Water – CCPA 2, the Sequel
By Alan L. Friel, Daniel A. Pepper
October 21, 2019
If you’ve been feeling encouraged about your company’s preparation for the California Consumer Privacy Act’s (CCPA) launch on January 1, 2020, you may not want to breathe a sigh of relief just yet. Alastair Mactaggart, the founder and...
Read More ->
Data Privacy Monitor
CCPA Amendments Signed into Law by California Governor
By Kyle R. Fath
October 14, 2019
On Friday, October 11, 2019, California’s governor signed into law each of the six CCPA amendment bills passed by the legislature, bringing some finality and clarity to the scope of the CCPA (at least with respect to details which will not...
Read More ->