California's New Privacy Law is Coming - Are You Ready?

All eyes are on California as the countdown to California’s Consumer Privacy Act (CCPA) continues. This attention is for good reason—the CCPA is a data privacy law with the potential to change the landscape of data collection practices in the U.S. Approximately 500,000 U.S. businesses in various industries will have to comply with this new law when it goes into effect on January 1, 2020. When the CCPA goes into effect, consumers may then exercise their private right of action. This means that consumers may bring a civil lawsuit against any business for a data breach and potentially recover $100 to $750 per consumer per incident. Additionally, after giving a business notice and thirty days to cure the violation, the California Attorney General may issue civil penalties up to $2,500 per violation or $7,500 per intentional violation. The California Attorney General may begin this enforcement on July 1, 2020 or six months after publication of the final regulations, whichever is sooner.

If you do business in California, here are some things you can start to do to prepare for the CCPA:

  • Make an inventory of personal information, using the CCPA’s definition of “personal information” as a guide.
  • Update your Privacy Notice and make other required disclosures wherever personal information is collected.
  • Build technical capabilities and conduct necessary employee training to respond to verified consumer rights requests.
  • Add “Do Not Sell My Personal Information” link and other technical opt-out capabilities (if your business “sells” personal information).
  • Implement reasonable security practices and procedures.
  • Add required contract provisions to service provider contracts (if your business “sells” personal information or desires limited liability).

In addition, the KMK Law Cybersecurity & Privacy Team is available to assist you in complying with the CCPA. Read the following legal alert here for additional information on the CCPA.

KMK Law articles and blog posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. The laws/regulations and interpretations thereof are evolving and subject to change. Although we will attempt to update articles/blog posts for material changes, the article/post may not reflect changes in laws/regulations or guidance issued after the date the article/post was published. Please consult with counsel of your choice regarding any specific questions you may have.


© 2024 Keating Muething & Klekamp PLL. All Rights Reserved


Jump to Page