All eyes are on California as the countdown to California’s Consumer Privacy Act (CCPA) continues. This attention is for good reason—the CCPA is a data privacy law with the potential to change the landscape of data collection practices in the U.S. Approximately 500,000 U.S. businesses in various industries will have to comply with this new law when it goes into effect on January 1, 2020. When the CCPA goes into effect, consumers may then exercise their private right of action. This means that consumers may bring a civil lawsuit against any business for a data breach and potentially recover $100 to $750 per consumer per incident. Additionally, after giving a business notice and thirty days to cure the violation, the California Attorney General may issue civil penalties up to $2,500 per violation or $7,500 per intentional violation. The California Attorney General may begin this enforcement on July 1, 2020 or six months after publication of the final regulations, whichever is sooner.
If you do business in California, here are some things you can start to do to prepare for the CCPA:
- Make an inventory of personal information, using the CCPA’s definition of “personal information” as a guide.
- Update your Privacy Notice and make other required disclosures wherever personal information is collected.
- Build technical capabilities and conduct necessary employee training to respond to verified consumer rights requests.
- Add “Do Not Sell My Personal Information” link and other technical opt-out capabilities (if your business “sells” personal information).
- Implement reasonable security practices and procedures.
- Add required contract provisions to service provider contracts (if your business “sells” personal information or desires limited liability).
KMK Legal Alerts and Blog Posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. Please consult with counsel of your choice regarding any specific questions you may have.
© 2019 Keating Muething & Klekamp PLL. All Rights Reserved
- Cybersecurity and Privacy Law
- Cybersecurity Regulation
- Cyber Insurance
- Privacy Laws
- Data Breach
- Class Action Litigation
- General Data Protection Regulation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- Can’t We All Get Along in the Cyber Sandbox?
- California's New Privacy Law is Coming - Are You Ready?
- Gearing up for National Cybersecurity Awareness Month: KMK Hosts Third Annual Cybersecurity & Privacy Seminar
- Ohio Data Protection Act - Safe Harbor for Businesses in Ohio
- Ohio’s Data Protection Act: What You Need to Know
- September 2018 Was a Busy Month for Data Privacy
- GDPR - 90 Days Later
- GDPR: What We're Learned So Far and What to Expect
- GDPR: Less Than 100 Day and Counting to "G-Day" - Here's What You Need to Know
- SEC Issues Guidance on Cybersecurity Disclosures