California Consumer Privacy Act

The far-reaching Consumer Privacy Act of 2018 (CCPA) will require many companies doing business in California to implement new policies and procedures no later than July 1, 2020. The CCPA can be enforced by the California Attorney General or by private plaintiffs with the possibility of statutory penalties for noncompliance.

California has passed a comprehensive consumer privacy law—similar in some respects to the European Union’s General Data Protection Regulation (GDPR). The CCPA was unanimously approved by the California Senate and Assembly on June 27 and signed into law by Governor Jerry Brown the same day. The enforcement date for the CCPA is now six months after the Attorney General’s Office issues regulations, so organizations subject to the CCPA must be in compliance no later than July 1, 2020.

The CCPA creates an array of new consumer privacy rights that will require many companies doing business in California to reassess their collection and use of personal information and modify their business processes to accommodate the new rights. It allows California consumers to make requests of businesses to disclose what personal information the business has shared and also to delete or no longer share that information.

Morgan Lewis is prepared to guide companies and institutions of all sizes through the challenges they face in this new regulatory environment, and we will be closely following each new development as the CCPA is amended and regulations and guidance documents are issued. We assist clients in virtually all the major industries around the globe in understanding how these important changes will affect their businesses and how to navigate the changing data privacy landscape. Because we work with companies that are subject to GDPR and companies that are not, we can tailor a solution that fits either mold.