The California Consumer Privacy Act – What It Means For Your Business

Orange County Attorney Today!

The California Consumer Privacy Act – What It Means For Your Business

One of the most significant laws in privacy legislation across the nation is the California Consumer Privacy Act, or CCPA. Effective since Jan. 01, 2020, this new law will establish new privacy rights for certain parties, whom are broadly defined, as well as the extensive responsibilities for covered businesses as it relates to the processing, collection, deletion, sales, or security of sensitive personal information.

Under the new legislation, businesses inside and outside the State of California will be affected. Business operators and managers need to understand the law, including its amendments or regulatory guidance in order to avoid penalty fees or the risk of costly litigation.

Business Compliance in California – CCPA

The California Consumer Privacy Act builds on a pre-established and complex matrix of security laws across the state and nation. It is important for businesses to develop and also implement critical practical strategies, policies or procedures that will meet their contractual, regulatory, and ethical responsibilities that concern security and data privacy.

The new legislation applies to for-profit businesses that process or collect the private information of residents in California and that also do business in the state. Moreover, the business will also need to:

  • Generate over $25 million in annual gross revenue,
  • Obtain or distribute the personal information of over 50,000 residents each year, or
  • Derive a minimum of 50% of its yearly revenue through the sales of private personal information of state residents.

Nonprofit entities, along with businesses that do not meet any of the aforementioned criteria do not need to comply with the California Consumer Privacy Act. What is important for all businesses to remain aware of is the under CCPA consumers have a right to private action, and they may pursue those claims as a class action. In addition, as we have seen with the New York Shield Act, CCPA has an extraterritorial reach; if your operations violate the CCPA for a California Consumer, CA reserves the right to pursue their claims against you wherever you are located.  That structure dramatically changes the risk factor for company’s like yours and represents a disconcerting precedent in the rapidly evolving world of US state privacy laws.

If you have not already done so you probably need to update your corporate Privacy Policy to include appropriate opt-out provisions, and most likely need to update your GDPR data Processing Addendum with your vendors to address CCPA. We can help you address current legislation and put you on a path to on-going compliance as the various laws develop and evolve.

The Consequences of Non-Compliance with California’s CCPA

In the event that the issue is not resolved, the business is subject to an injunction as well as liability for a civil penalty of $2,500 for each individual violation or $7,500 for every intentional violation. Since many records are regularly affected, the penalty for a business can be very extensive. Businesses will have 30 days to comply with the new legislation once regulators have notified them of a standing violation. However, the post-notice cure for security beach claims, that remediation will not eliminate your liability for the claim; so, you cannot afford to wait for a consumer to file a complaint before starting you CCPA preparations.

Speak to a Well-Versed California Consumer Privacy Act Attorney

If you have a business that is covered by the recently enacted California Consumer Privacy Act, you will need to update the company’s privacy policies. In order to avoid fines and other repercussions, it is critical to seek legal support when handling sensitive information of California residents. To obtain more information about your legal rights under the new California Consumer Privacy Act, it is best to protect your company against a lawsuit. Speak to a well-versed attorney who understands the procedural requirements that will need to be followed by the law. You can view all of our local Orange County Business Attorneys here.