California Consumer Privacy Act

It is impossible to miss articles about the California Consumer Privacy Act (CCPA) and its expected impact on businesses across the U.S. The effective date of the law, January 1, 2020, is right around the corner. If you haven’t started analyzing the law and what you need to do to comply, the time is now. McDonald Hopkins' national Data Privacy and Cybersecurity team has created a multitude of resources to help our clients understand and comply with the CCPA, including the CCPA primer below. For questions about the CCPA or any of the information available here, contact a member of our Data Privacy and Cybersecurity team.

What is the California Consumer Privacy Act?

California enacted the Consumer Privacy Act of 2018 in part as a response to revelations that Facebook data was shared with the political data firm Cambridge Analytica without users’ knowledge or permission. The law, which will be effective starting Jan. 1, 2020, imposes obligations on businesses that collect and process personal information on California consumers to give those consumers rights to access, delete, and restrict certain uses of personal information, among other rights. Many of the rights afforded to California residents will parallel the data subject rights found in the EU's General Data Protection Regulation (GDPR).

The California Consumer Privacy Act of 2018 was given a delayed enforcement date to allow impacted businesses time to come into compliance. Additionally, the law does not authorize the attorney general to bring enforcement action until July 1, 2020, or until six months after the publication of final regulations pertaining to the law, whichever occurs first. 

Who is affected by the CCPA?

The California law applies to a “business,” which is a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that collects consumers' personal information, or on behalf of which such personal information is collected, that does business in California and has annual gross revenue in excess of $25 million; buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices; or derives 50% or more of its annual revenues from selling consumers’ personal information.

Don’t get too caught up in the word “consumer” in the law’s title. A consumer under the law is a natural person who is a California resident. As such, a business can be responsible for complying with the law even if the California residents it serves are not actual consumers of any product or service. Similarly, “personal information” is defined more broadly than under other California privacy laws. Personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. 

New call-to-action

ATTORNEYS

Attorneys

Dan L. Makee
Adam C. Smith
Jermaine  Conner
Joelle H. Dvir
Beth I. Gillin
Amanda Rose Martin
Martin  McElligott
Jacob  Radecki
Show More
+