With the outbreak of the COVID-19 pandemic, businesses have had to react to a whole new set of issues that were not on their radar four (4) months ago. One task that may have been tabled until some sense of normalcy was restored is compliance with the California Consumer Privacy Act (“CCPA”). Businesses must be aware that July 1, 2020, marked the day that the California State Attorney General’s Office began its CCPA enforcement efforts. Attorney General Xavier Becerra announced the enforcement date by releasing a statement encouraging “every Californian to know their rights to internet privacy and every business to know its responsibilities.” Although it is too early to know what enforcement will look like, businesses that are not already within CCPA compliance must act fast to avoid stiff penalties.
What are the immediate responsibilities businesses should be aware of?
The CCPA went into effect on January 1, 2020, and required the California State Attorney General to adopt regulations on or before July 1, 2020. On June 1, 2020, the final text of the CCPA regulations were submitted to the Office of Administrative Law (“OAL”) for review. The California State Attorney General has requested that OAL expedite its review and make the CCPA regulations effective on the same day that they are filed with the Secretary of State. However, as of this date, the final CCPA regulations are still pending approval. Despite the fact that the final CCPA regulations have yet to be approved by OAL, the California State Attorney General has consistently stated that enforcement would begin on July 1, 2020.
|Your education on compliance with Internet, telemarketing, and trademark law should begin with a discussion between you and an experienced attorney. |
Scheduling a free consultation with Klein Moynihan Turco is a great place to start.
Immediate CCPA Compliance Measures
The CCPA regulations detail how businesses collect, use and share California State resident personal information. Businesses that are not already CCPA compliant should immediately be working on: 1) determining whether the CCPA applies to them; 2) updating their existing privacy policies to include language required by the CCPA; and 3) providing consumers with appropriate CCPA forms.
Businesses must be CCPA complaint if they: 1) do business in the State of California; 2) collect California State resident personal information; and 3) satisfy at least one of the following thresholds:
- Have annual gross revenue of over $25 million;
- Buy, receive, sell or share the personal information of 50,000 or more consumers, households or devices for commercial purposes each year; or
- Derive 50% or more of annual revenue from selling consumer personal information.
The CCPA has codified California consumers’ rights to: 1) opt-out of the sale of their personal information to third parties; 2) request to know what personal information businesses have collected about them and how businesses have sold or disclosed that information to third parties; and 3) request that businesses delete personal information that has been collected from/about them. Appropriate CCPA forms can be used to allow consumers to communicate their rights to opt-out, know and delete, as required for CCPA compliance.
Although it is unclear how the California State Attorney General will prioritize CCPA enforcement, it is clear that being the subject of an investigation can drain businesses of a substantial amount of time and money. Do not wait to address CCPA compliance, time has run out!
If you require assistance in connection with CCPA compliance, please email us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Related Blog Posts: