Privacy & Data Security

California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) took effect on Jan. 1 2020, posing a host of new data privacy compliance challenges for companies with customers in California or clients who do business in the state, which is the sixth-largest economy in the world.

The new law — which has quickly become a model for others states’ privacy legislation — affects for-profit companies that collect and process California residents’ personal information, have business in the state and meet one of the following three criteria:

  • Generate annual gross revenue > $25 million
  • Receive or share data of > 50,000 California residents annually
  • Derive at least 50 percent of annual revenue by selling California residents’ personal information

Companies that fall under the act must also ensure that any service providers that handle data on their behalf do it in a manner that complies with the law.

CCPA includes a broad definition of personal information and conveys new rights designed to give consumers more control over their data. These include the ability to opt out of having their data sold, to request information on the types of data companies collect and/or a copy of the actual data collected and, in many cases, the right to request that their data be erased.

Penalties for noncompliance are $2,500 per record for each unintentional violation and $7,500 per record for each intentional violation.

Fox Rothschild can help companies prepare for CCPA compliance, avoid costly penalties and develop a competitive advantage on issues of privacy and data security, by assisting with:

  • Updating disclosure notices
  • Data mapping and audits
  • Third party service provider agreements
  • Data collection disclosure and polices and procedures
  • Data deletion policies and procedures
  • Opt-out policies and procedures
  • Privacy policy updates
  • Employee training