California Consumer Privacy Act (CCPA) Compliance
The California Consumer Privacy Act of 2018 (CCPA) provides California residents with a broad range of data privacy rights and privileges and is one of the most comprehensive data protection laws in the United States.
Pursuant to the CCPA, California residents have rights related to accessing personal data, requesting the deletion of personal data, receiving notice of data processing activities, and opting out from the sale of data.
On November 3, 2020, California voters approved Proposition 24, also known as the California Privacy Rights Act of 2020 (CPRA), which amends and expands upon the CCPA. In particular, the CPRA establishes new data privacy rights for California residents (e.g., rectification, do not “share” rights, limits on use of sensitive data), imposes new obligations and liabilities on businesses and service providers, and creates a regulatory agency empowered to enforce California privacy law and prosecute noncompliance. The new regulatory agency, the California Privacy Protection Agency, is vested with full administrative power, authority, and jurisdiction to implement and enforce the CCPA (as amended by the CPRA).
The CPRA becomes operative on January 1, 2023, and, with some exceptions, will apply to California residents’ personal information collected by organizations after January 1, 2022.
California has one of the largest economies in the world. Is your business impacted by California privacy laws? If so, here are just a few ways that Thompson Hine can help:
CCPA Checklist
- Writing website privacy statements
- Developing cookie policies and banners
- Creating employee data privacy notices
- Implementing designated data privacy request methods
- Advising on internal policies and procedures
- Conducting data protection impact assessments
- Creating privacy request adjudication processes
- Verifying and responding to data requests
- Implementing training and recordkeeping
- Advising on website configuration
- Advising on vendor management and contracting
- Developing data incident response plans
California Voters Approve New Data Privacy Law - Privacy & Cybersecurity Update
November 04, 2020
California Legislature Extends CCPA’s Exemptions for Personal Information in the Employment and Business-to-Business Context - Privacy & Cybersecurity Update
September 18, 2020
Final CCPA Regulations Approved, Effective Immediately - Privacy & Cybersecurity Update
August 21, 2020
California Releases Final CCPA Regulations Ahead of July 1 Enforcement Deadline - Privacy & Cybersecurity Update
June 16, 2020
California Attorney General Publishes Modifications to CCPA Regulations - Privacy & Cybersecurity Update
March 16, 2020
California’s New Data Privacy Law Coming into Focus - Privacy & Cybersecurity Update
October 23, 2019
California’s New Privacy Law: Recent Amendments and Approaching Compliance Deadlines - Privacy & Cybersecurity Update
September 30, 2019
- "New CCPA regulatory provisions seek to clarify business requirements," IAPP, March 2021
- CCPA draft regulations: Privacy notices and accessibility in the employment context - IAPP's Privacy Tracker, July 2020
- The new CCPA draft regulations: Identity verification - IAPP's Privacy Tracker, June 2020
- The new CCPA draft regulations: Defining the scope of personal information - IAPP's Privacy Tracker, May 2020