• Attorneys
  • Practices & Industries
  • Thought Leadership +
    • Videos
    • Podcasts
    • Publications
      • Chemical Law & Prop 65 Blog
    • Webinars
  • News & Events +
    • News
    • Events/
      Speaking Engagements
  • About
  • Careers
  • Diversity
  • Contact
  • Offices
  • Payment Portal +
    • Pay your invoice
    • Pay your retainer
Buchalter
  • About
  • Careers
  • Diversity
  • Contact
  • Offices
  • Attorneys
  • Practices & Industries
  • Thought Leadership +
    • Publications
      • Chemical Law & Prop 65 Blog
    • Webinars
    • Videos
    • Podcasts
  • News & Events +
    • News
    • Events/
      Speaking Engagements
  • Payment Portal +
    • Pay your invoice
    • Pay your retainer
« View All Publications

California Consumer Privacy Act

  • Download


Buchalter Client Alert

California recently enacted the California Consumer Privacy Act (“CCPA”) which calls for companies to fundamentally change certain practices relating to the collection and use of personal information. Similar to the European Union’s General Data Protection Regulations “GDPR”), the CCPA extends additional privacy rights to California’s 40 million residents. This alert provides information relating to: (1) who needs to comply with CCPA; (2) the privacy rights at issue; (3) fines and causes of action associated with CCPA violations; and (4) the similarities between the CCPA and GDPR.

1. WHO NEEDS TO COMPLY WITH THE CCPA?

The CCPA applies to entities that process personal information of California residents and meet one or more of the following (alone or in connection with an affiliated organization):

(i) generate $25,000,000 or more in annual revenue;

(ii) generate 50% or more of its annual revenue from selling consumers’ personal information; or

(iii) receive, buy, share or sell the personal information of 50,000 or more Californian consumers, households, or devices, annually.

2. CCPA RIGHTS

a. The right to know.

The CCPA gives Californians the right to know:

(i) what personal information is being collected, sold and/or disclosed, and the right to know the sources of such information;

(ii) what categories of personal information have been collected about him/her in last 12 months, and the sources of such information;

(iii) the business purposes (and related categories) for collecting and/or selling their personal information; and

(iv) what third-party businesses (by industry or category) their personal information is shared with.

b. The right to access their personal information.

Californians have the right to obtain a copy of their personal information (free of charge) by mail or in an accessible electronic format (similar to GDPR).

c. Right to be forgotten.

Californians have the right to request that their personal information being maintained by a company be destroyed.

d. Right to opt-out.

The CCPA requires website owners to place a conspicuous link entitled “Do Not Sell My Personal Information” to a separate California consumer website informing Californians of their right to opt-out of having their personal information sold.

IMPORTANT NOTE: OPT-IN IS REQUIRED FOR CHILDREN BETWEEN THE AGES OF 13-16.

 e. Right to consumer equality.

Negative consumer treatment for Californians exercising their CCPA rights is prohibited.

3. CCPA CAUSES OF ACTION AND FINES FOR VIOLATIONS

CCPA provides for the following fines and rights of actions:

a. Attorney General action and penalties.

(i) The California Attorney General can bring action against offending companies (and their service providers), and/or persons.

(ii) Penalties range between $2,500 to $7,500 (based upon whether the violation was negligent or intentional).

b. Civil action and penalties.

(i) The CCPA provides for a private right of action.

(ii) Penalties range from $100 to $500 per person per incident and actual damages.

4. KEY SIMILARITIES BETWEEN CCPA AND GDPR

a. Personal Information Defined.

Both the CCPA and GDPR similarly define personal information as:

(i) Real Name or Alias

(ii) Postal Address

(iii) Social Security, Driver’s License, or Passport Number

(iv) Date of Birth

(v) Race, Ethnicity, Gender

(vi) Biometric and Psychometric Data

(vii) Other Unique Identifiers, (i.e. phone number, ID credentials, health or medical information)

(viii) Internet Protocol (IP) Address

(ix) Account Name

(x) Email Address

(xi) Geolocation Data

(xii) Professional or Employment-related Information

(xiii) Commercial Information, including data such as property records and purchase or consumer-related histories

b. CCPA v. GDPR at a Glance

Privacy Rights GDPR CCPA
The right to erasure Yes Yes
The right to object to processing of personal information. Yes Yes
Right to withdraw consent Yes Yes
The right of portability Yes No
Right to restrict the processing of personal information Yes Yes (with limitations)
Right to access personal information Yes Yes (limited to prior 12 months)
Right to Consumer Equality No Yes
Right to request correction of personal information Yes No

 

If your organization collects, processes, and/or retains personal information for any California resident (and meets the criteria highlighted above) your organization is subject to the CCPA. Similarly, if your organization collects, processes, and/or retains information for any individual within the European Economic Area, GDPR addresses the use, protection, and international transfer of personal data. Buchalter’s team of Privacy and eCommerce attorneys are available to address any questions you may have about achieving compliance in these areas.


Sherman is a member of the firm’s Intellectual Property, E-Commerce and Social Media practice groups in our Seattle office.  His practice focuses on: (1) complex intellectual property technology transactions; (2) privacy and data security (including GDPR and CCPA); and (3) the acquisition, development, marketing, licensing, protection, enforcement and distribution of Blockchain technology, mobile applications, devices, VR, gaming, patents, software, enterprise solutions, and emerging technologies.  He can be reached at (206) 319-7035 or [email protected]

Share

Related Areas

  • Intellectual Property Law
Buchalter footer logo

Adam Bass, Buchalter President & CEO

  • About
  • Careers
  • News & Events
  • Subscribe
  • CA Privacy Notice
  • PI Opt-Out
  • Denver
  • Los Angeles
  • Napa Valley
  • Orange County
  • Portland
  • Sacramento
  • Salt Lake City
  • San Diego
  • San Francisco
  • Scottsdale
  • Seattle
  • © Copyright 2023 Buchalter, A Professional Corporation
Buchalter Communications

We love sharing our knowledge, but we don't want to inundate you. If you would like to receive communications from Buchalter, please highlight the text boxes below indicating which type of communications you would like to receive, and provide your name and email address. [Street address is only necessary for Points and Authorities.] We appreciate your interest in our work.

  • This field is for validation purposes and should be left unchanged.
  • Sign Up