CCPA compliance

CCPA Compliance: The CA Attorney General is Enforcing Now!

With the outbreak of the COVID-19 pandemic, businesses have had to react to a whole new set of issues that were not on their radar four (4) months ago.  One task that may have been tabled until some sense of normalcy was restored is compliance with the California Consumer Privacy Act (“CCPA”). Businesses must be aware that July 1, 2020, marked the day that the California State Attorney General’s Office began its CCPA enforcement efforts. Attorney General Xavier Becerra announced the enforcement date by releasing a statement encouraging “every Californian to know their rights to internet privacy and every business to know its responsibilities.” Although it is too early to know what enforcement will look like, businesses that are not already within CCPA compliance must act fast to avoid stiff penalties. 

What are the immediate responsibilities businesses should be aware of?

CCPA Regulations

The CCPA went into effect on January 1, 2020, and required the California State Attorney General to adopt regulations on or before July 1, 2020. On June 1, 2020, the final text of the CCPA regulations were submitted to the Office of Administrative Law (“OAL”) for review. The California State Attorney General has requested that OAL expedite its review and make the CCPA regulations effective on the same day that they are filed with the Secretary of State. However, as of this date, the final CCPA regulations are still pending approval. Despite the fact that the final CCPA regulations have yet to be approved by OAL, the California State Attorney General has consistently stated that enforcement would begin on July 1, 2020. 

Your education on compliance with Internet, telemarketing, and trademark law should begin with a discussion between you and an experienced attorney.
Scheduling a free consultation with Klein Moynihan Turco is a great place to start.

Immediate CCPA Compliance Measures

The CCPA regulations detail how businesses collect, use and share California State resident personal information. Businesses that are not already CCPA compliant should immediately be working on: 1) determining whether the CCPA applies to them; 2) updating their existing privacy policies to include language required by the CCPA; and 3) providing consumers with appropriate CCPA forms.

Businesses must be CCPA complaint if they: 1) do business in the State of California; 2) collect California State resident personal information; and 3) satisfy at least one of the following thresholds:

  • Have annual gross revenue of over $25 million;
  • Buy, receive, sell or share the personal information of 50,000 or more consumers, households or devices for commercial purposes each year; or
  • Derive 50% or more of annual revenue from selling consumer personal information. 

 “The purpose of the privacy policy is to provide consumers with a comprehensive description of a business’s online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of consumers regarding their personal information.” Businesses that have not updated their privacy policies prior to the CCPA effective date of January 1, 2020, will need to update their privacy policies in order to comply with the final CCPA regulations.  

The CCPA has codified California consumers’ rights to: 1) opt-out of the sale of their personal information to third parties; 2) request to know what personal information businesses have collected about them and how businesses have sold or disclosed that information to third parties; and 3) request that businesses delete personal information that has been collected from/about them. Appropriate CCPA forms can be used to allow consumers to communicate their rights to opt-out, know and delete, as required for CCPA compliance. 

Although it is unclear how the California State Attorney General will prioritize CCPA enforcement, it is clear that being the subject of an investigation can drain businesses of a substantial amount of time and money. Do not wait to address CCPA compliance, time has run out! 

If you require assistance in connection with CCPA compliance, please email us at info@kleinmoynihan.com, or call us at (212) 246-0900. 

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney. 

Attorney Advertising

Related Blog Posts:

CCPA Law: The Private Right of Action

CCPA Service Provider Requirements Clarified by California AG

Draft CCPA Regulations Contain Important New Record-Keeping and Disclosure Requirements

Share:

David Klein

David Klein is one of the most recognized attorneys in the technology, Internet marketing, sweepstakes, and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.
Contact Us

Let's Talk.

Our trusted legal counsel can help ensure that your business stays compliant.
Contact Us

Trending Topics

Trending Topics

Copyright © 2013–2021 Klein Moynihan Turco LLP. All Rights Reserved · Attorney Advertising