Privacy & Data Security

California Consumer Privacy Act

CCPA Compliance News

Fox Rothschild monitors the latest developments in California's implementation of the California Consumer Privacy Act (CCPA) to keep clients ahead of the compliance curve. The law is scheduled to take effect in 2020, but California state lawmakers are considering amendments that could affect companies' obligations. Check this page for updates from our Privacy Compliance & Data Security Blog:

Recent Blog Posts

  • Behold: The Ten Commandments of CCPA Compliance For a lighter, but still instructive, take on the California Consumer Privacy Act and the recently released CCPA draft regulations, here are the Ten Commandments of CCPA Compliance: • Thou shalt make for yourself a person overseeing privacy compliance in thine corporation. • Thou shalt map thy data so thou knowest what it is, wherefrom it cometh and where it is shared. • Thou shalt keep thy service providers close and thy third parties closer and revise thine own agreements with them. • Thou... More
  • Proposed CCPA Regs Have Implications for Service Providers Providers of services that involve the personal information of California residents: What do the proposed CCPA Regs mean for your compliance? You may want to: Reassess whether CCPA applies to you – this is now possible if you otherwise meet the requirements for “service provider” under CCPA, and: are a “service provider” to an entity which is not a business (e.g. education systems, hospitals etc.) direct a person or entity to collect personal information directly from a consumer on behalf of a business.  If you are... More
  • Companies Doing Business in California Face Heightened Litigation Risk Under CCPA “Companies doing business in California may face a heightened risk of litigation when the state’s new privacy law takes effect in January, litigation and privacy attorneys say,” reports Bloomberg’s Sara Merken. “The California Consumer Privacy Act clears the way for state residents to sue companies for data breaches involving certain information, if a company fails to maintain reasonable security. Californians can seek damages of between $100 and $750 per consumer per incident under the law. That may mean millions of dollars... More
  • Study: CCPA Compliance Cost $55 Billion A new study estimates the costs of California Consumer Privacy Act (CCPA) compliance: “California’s new privacy law could cost companies a total of up to $55 billion in initial compliance costs, according to an economic impact assessment prepared for the state attorney general’s office by an independent research firm.” “On the low end, the researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant. On the high end, firms with more... More
  • First Impressions: California Attorney General Issues Draft CCPA Regulations The California Attorney General has issued long-awaited draft regulations for the California Consumer Privacy Act (CCPA), which is scheduled to take effect in 2020. High level takeaways: Big emphasis on disclosure and transparency: both format and content of the privacy notices. Separation between the privacy notice for “at or before collection of information” and the “website privacy policy.” Emphasis on reasoning for taking actions (e.g. not deleting per request, etc.). Specific instructions on how to respond to requests (Hint: can’t wait until day 44 to... More
  • Munich Court Ruling Contains Key Takeaways for Consumer Access Requests Under GDPR and CCPA A local  Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA: The right of access under GDPR is a comprehensive right concerning the stored or processed personal data. It includes all data, such as name or date of birth, as well as any characteristics that can make a person identifiable, eg health data, account number, etc. It does not include the business’... More
  • US Federal Data Privacy Law Unlikely by End of 2019 A U.S. online privacy bill is not likely to come before Congress this year, three sources told Reuters. Lawmakers disagree over issues like whether the bill should preempt state rules. While the sources, who are involved in the negotiations, still think it is possible at least one discussion draft of the bill could land before the year ends, congressional negotiators must still agree on whether it is adequate to simply ask consumers to consent to collection of personally identifiable information and... More
  • Deputy California AG: No Time Like the Present to Work on CCPA Compliance “It is very important for businesses to start thinking about compliance now. From my perspective, we are getting ready for enforcement in parallel with our rule-making process.” — Deputy California Attorney General Stacy Schlesser.  Schlesser says there is no time like the present to work on CCPA compliance. Though the attorney general can begin enforcement only on July 1, 2020, “When and if the attorney general takes action in July, it can, in fact, retroactively enforce for infractions committed starting Jan. 1,” said Travis LeBlanc,... More
  • California Attorney General: Draft CCPA Regulations Coming in October California Attorney General Xavier Becerra expects to publish draft regulations on the CCPA in October, according to Bloomberg Law,  and plans to have them in place when the law takes effect in 2020. Read the full story.  ... More
  • CCPA Amendment Adds Data Broker Registration Un-broker my heart, a late amendment to the CCPA has added data broker registration to the mix. All data brokers as defined in amendment AB-1202 are required to: register with the Attorney General on or before January 31 following each year in which a business meets the definition of data broker. This means disclosing their name and any additional information or explanation the data broker chooses to provide concerning its data collection practices. pay a registration fee Who’s covered: any business that knowingly collects... More