U.S. Consumer Privacy and the CCPA

Overview

The California Consumer Privacy Act (CCPA) is scheduled to become effective on January 1, 2020, bringing unprecedented change to the U.S. data protection law landscape. Businesses that are not fully prepared to comply with the CCPA’s sweeping restrictions on the handling of consumers’ personal information face severe financial penalties. The CCPA is the first of what is likely to be a coming wave of consumer data privacy regulations at the state and even federal level, much as the General Data Protection Regulation (GDPR) is changing how business is done in the EU.

Our nationally ranked and highly respected Privacy and Data Protection team is deeply familiar with the implications of the CCPA and other legislative proposals, and we provide clients with customized, practical advice regarding:

  • Compliance readiness assessment
  • Compliance program development and implementation
  • Inventorying data and mapping data flows
  • Privacy and data security assessments
  • Risk management
  • Tracking legislative and regulatory developments
  • Vendor contract drafting and review
  • Identifying, engaging and managing IT consultants and solutions

Time is short. Companies subject to the CCPA should begin mapping their inventories of personal information and identifying all collection, uses, sales and sharing of that information given that the CCPA includes requirements that are subject to a 12-month lookback (i.e., to January 1, 2019).

We provide guidance on the CCPA and privacy compliance issues for companies across industries, including:

  • Advertising, marketing and digital media
  • Financial services/wealth management
  • Healthcare
  • Hospitality
  • Human resource services and employee benefit providers
  • Manufacturing
  • Professional services organizations
  • Real estate
  • Retail
  • Software and Software-As-a-Service providers
  • Technology

We have developed hundreds of privacy notices, policies and compliance programs pursuant to various U.S. laws and self-regulatory programs. Our team has counseled more than 175 clients on GDPR compliance, including through the development and implementation of internal programs and policies, and we leverage this experience to assist clients as they work through the complexities of complying with the CCPA and other legislation.

The CCPA and other proposed state and federal legislation are similar in certain ways to the GDPR, but each has differing provisions that will require even businesses that are already GDPR-compliant to undertake new data privacy efforts.

What You Need to Know about the CCPA
  • CCPA’s protections apply to all California residents, regardless of their relationship with an organization (e.g., employees, customers, business leads) or whether their personal information is collected online or offline.
  • Companies that handle personal information – any information that identifies a consumer or household – of as few as 50,000 devices, individuals or households annually may be subject to the act.
  • Businesses with revenues of $25 million or more may have compliance obligations no matter how much personal information they collect from Californians.
  • The CCPA provides California residents with a right to be informed of the categories of personal information that a business collects or otherwise receives, sells or discloses about them; the purposes for these activities; and the categories of parties to which their personal information is disclosed.
  • The Act also grants California residents the right to request more detailed information about the personal information a business holds specifically about them, and the right to obtain portable copies of their personal information from the business.
  • The CCPA gives Californians the right to prohibit a business from selling their personal information, and to request that a business delete their personal information.
  • Violations of the CCPA are enforceable by the California Attorney General, who may bring actions for civil penalties of $2,500 per violation, or up to $7,500 per intentional violation.
  • Notably, the CCPA includes a private right of action with the potential for statutory damages, though as currently drafted this remedy is most likely intended to be limited to certain types of data security incidents.

Featured Video

California Consumer Privacy Act (CCPA) [as amended by SB-1121]

Alan Friel Presents on the California Consumer Privacy Act (CCPA) at UCLA's Big Data Conference


In The Blogs

Data Privacy Monitor
CCPA Expansion Proposed
By Taylor A. Bloom, Alan L. Friel
February 27, 2019
On Monday, Feb. 25, California Attorney General Xavier Becerra, together with Sen. Hannah-Beth Jackson (D), announced Senate Bill 561 to amend the California Consumer Privacy Act (CCPA). Most significantly, SB 561 would effectively...
Data Privacy Monitor
The Use of Smart Speakers in the Healthcare Industry
February 1, 2019
Smart speakers are voice-activated, internet-connected devices with an integrated virtual assistant that can answer questions, follow instructions and control other smart devices. Nearly one in five U.S. adults has access to a smart...
Data Privacy Monitor
Public Forums on the California Consumer Privacy Act Continue in Los Angeles – Rulemaking to Follow
By Alan L. Friel, Niloufar Massachi
January 28, 2019
The public forums on the California Consumer Privacy Act (CCPA), held by the California Attorney General (AG) and the Department of Justice, continued on Friday, Jan. 25, in Los Angeles, California. At the forum, speakers had a brief...
Data Privacy Monitor
First Public Forum on the California Consumer Privacy Act
By Taylor A. Bloom, Alan L. Friel
January 14, 2019
The California Attorney General and the Department of Justice held the first public forum about the California Consumer Privacy Act (CCPA) on Tuesday, Jan. 8, in San Francisco. The public forums are part of the rulemaking process the...
Data Privacy Monitor
California Legislature Cracks Down on Advertising Bots Involved in Commercial Transactions and Influencing Voters in Elections
By Alan L. Friel, Zoe Steinberg
October 8, 2018
Bot or real person? – a question most online users probably don’t ask themselves when interacting online or seeing how many followers a person has on a social media platform. Most likely, online users...