• Attorneys
  • Practices & Industries
  • Thought Leadership +
    • Videos
    • Podcasts
    • Publications
      • Chemical Law & Prop 65 Blog
    • Webinars
  • News & Events +
    • News
    • Events/
      Speaking Engagements
  • About
  • Careers
  • Diversity
  • Contact
  • Offices
  • Payment Portal +
    • Pay your invoice
    • Pay your retainer
Buchalter
  • About
  • Careers
  • Diversity
  • Contact
  • Offices
  • Attorneys
  • Practices & Industries
  • Thought Leadership +
    • Publications
      • Chemical Law & Prop 65 Blog
    • Webinars
    • Videos
    • Podcasts
  • News & Events +
    • News
    • Events/
      Speaking Engagements
  • Payment Portal +
    • Pay your invoice
    • Pay your retainer
« View All Publications

The Next Chapter in US Consumer Privacy starts with the California Consumer Privacy Act (“CCPA”). The CCPA has broad application, strict compliance requirements, penalties for non-compliance, and takes effect January 1, 2020.

  • Download


Buchalter Client Alert

April 8, 2019

WHAT IS THE CALIFORNIA CONSUMER PRIVACY ACT?

The CCPA is a consumer protection regulation that gives all California residents strong privacy rights that companies are required to honor.

WHO NEEDS TO COMPLY?

A company is obligated to comply with the CCPA, if it (i) collects personal information (“PI”) from a California resident; (ii) conducts business in California; and (iii) meets any of these annual thresholds:

  • Gross revenue of $25 million;
  • Gathers information from more than 50k California households, users or devices; and/or
  • Derives 50% or more of revenue from selling PI.

A GLIMPSE INTO COMPLIANCE

CCPA compliance is multi-faceted.  Three major compliance requirements are: (1) the CCPA requires covered companies to limit the “sale” of PI to third-parties (the sale of PI is defined very broadly and means any transfer of PI capturing common tools such as Google Analytics); (2) covered companies must place a “Do Not Sell My Information” link on all pages collecting PI; and (3) covered companies must be able to delete PI upon request (under certain circumstances).

POTENTIAL VIOLATIONS

The focus of the CCPA is on the traditional U.S. concept of PI (e.g., name with account number, social security number, etc.). Liability arises from “unauthorized access and . . . disclosure [resulting from a business’s unreasonable] security procedures and practices . . . .” This includes concepts typically described as “leaks” rather than “breaches” and does not require allegations of harm.

THE PENALTIES

Civil fines of up to $7500 per CCPA violation and $750 per each record compromised in a data breach.

Important Note: California AG Becerra introduced an amendment in February that would permit private right of actions by individual plaintiffs, which has yet to become law.

TIME IS RUNNING OUT!

The CCPA takes effect on January 1, 2020 and is set to be enforced by the California Attorney General in July 1, 2020.

Important Note: The law requires covered companies to describe their privacy practices for the prior twelve months in notices and disclosures, potentially creating an effective “look-back” period to January 1, 2019.

You may view the CCPA as amended at this link.


Sherman Helenese is Of Counsel in Buchalter’s Privacy and Data Security, Intellectual Property, E-Commerce and Corporate Practice Groups. He can be reached at [email protected] and 206-319-7035.

Karl Gerner is an Associate in Buchalter’s Privacy and Data Security, Intellectual Property, and Cybersecurity Practice Groups. He can be reached at [email protected] and 206-319-7048.

Jane E. Brown is Special Counsel in Buchalter’s Privacy and Data Security, Intellectual Property, and Corporate Practice Groups.She can be reached at [email protected] and 206-319-7033.

This alert is published as a service to our clients and friends. The material contained here is provided for informational purposes only and is not intended to constitute advertising, solicitation or legal advice. The views expressed herein are solely those of the authors and do not necessarily reflect the views of Buchalter or its clients. For more information, visit www.buchalter.com.

Share
Buchalter footer logo

Adam Bass, Buchalter President & CEO

  • About
  • Careers
  • News & Events
  • Subscribe
  • CA Privacy Notice
  • PI Opt-Out
  • Denver
  • Los Angeles
  • Napa Valley
  • Orange County
  • Portland
  • Sacramento
  • Salt Lake City
  • San Diego
  • San Francisco
  • Scottsdale
  • Seattle
  • © Copyright 2023 Buchalter, A Professional Corporation
Buchalter Communications

We love sharing our knowledge, but we don't want to inundate you. If you would like to receive communications from Buchalter, please highlight the text boxes below indicating which type of communications you would like to receive, and provide your name and email address. [Street address is only necessary for Points and Authorities.] We appreciate your interest in our work.

  • This field is for validation purposes and should be left unchanged.
  • Sign Up