Overview

The California Consumer Privacy Act of 2018 (CCPA) provides California residents with a broad range of data privacy rights and privileges and is one of the most comprehensive data protection laws in the United States.

Pursuant to the CCPA, California residents have rights related to accessing personal data, requesting the deletion of personal data, receiving notice of data processing activities, and opting out of the sale of data.

On November 3, 2020, California voters approved Proposition 24, also known as the California Privacy Rights Act of 2020 (CPRA), which amends and expands upon the CCPA. In particular, the CPRA establishes new data privacy rights for California residents (e.g., rectification, do not “share” rights, limits on use of sensitive data), imposes new obligations and liabilities on businesses and service providers, and creates a regulatory agency empowered to enforce California privacy law and prosecute noncompliance. The new regulatory agency, the California Privacy Protection Agency, is vested with full administrative power, authority, and jurisdiction to implement and enforce the CCPA (as amended by the CPRA).

The CPRA becomes operative on January 1, 2023, and, with some exceptions, will apply to California residents’ personal information collected by organizations after January 1, 2022.

California has one of the largest economies in the world. Is your business impacted by California privacy laws? If so, here are just a few ways that Thompson Hine can help:

CCPA Checklist
  • Writing website privacy statements
  • Developing cookie policies and banners
  • Creating employee data privacy notices
  • Implementing designated data privacy request methods
  • Advising on internal policies and procedures
  • Conducting data protection impact assessments
  • Creating privacy request adjudication processes
  • Verifying and responding to data requests
  • Implementing training and recordkeeping
  • Advising on website configuration
  • Advising on vendor management and contracting
  • Developing data incident response plans