The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020.
The CCPA is different than existing U.S. privacy legislation in that the definition of personal information under the new law is very broad and includes data elements not previously considered personal information under other U.S. laws. In addition the CCPA guarantees California consumers privacy rights that can create significant operational responsibilities for businesses falling into the law’s scope.
Take our complimentary CCPA Assessment to see if your organization is subject to the CCPA.
The CCPA allows for public and private actions. The California Attorney General can bring civil penalties of ranging from $2500 to $7500 for each CCPA violation. While this may not seem like a lot it is important to remember that the penalty is per user so that one violation involving 3,000 consumers actually counts as 3,000 violations and could potentially lead to a multi-million dollar fine.
The CCPA also allows consumers the right to take private legal action against companies for data breaches, recovering anything between $100 and $750 per consumer per incident, or actual damages (whichever is greater). If it is determined that a company did not provide reasonable data security measures to protect its consumers’ personal information, these unintentional violations can also result in fines.
Depending on your organization’s activities it may need to update public privacy notices, update internal policies and procedures, implement mechanisms to facilitate consumer requests, and update vendor and third party contracts.
Learn more about key business obligations under the CCPA here.
For businesses starting CCPA compliance, a thorough assessment is needed to determine how this regulation affects your organization’s operations. Our CCPA Readiness service is designed to kickstart your company’s CCPA compliance program. During a CCPA Readiness engagement, we will examine your organization’s data processing workflows, identify CCPA compliance gaps, and advise on how to become compliant.
Time. We understand that your time is precious. Ensuring ongoing compliance with CCPA obligations can be onerous and time consuming. We recognize that your organization is not in the business of privacy compliance and cannot afford to dedicate large amounts of time just to meeting the requirements of the CCPA. The good news is that we can and you can leverage our work and experience. Our CCPA solutions will save you time while minimizing disruption to your business operations.
Money. For every business, cash is king. We understand you want to spend your money wisely and receive worthwhile value. We also understand that you do not want spend money on CCPA compliance that you don’t have to. Unfortunately, there is a scarcity of skills and experience in meeting the requirements of privacy laws like the CCPA and hiring personnel to fit these roles can be very expensive. Our flat-fee, no-commitment Managed Privacy Compliance subscriptions provide an affordable solution to this problem. These subscriptions are offered on a monthly or annual basis which also provides cost certainty for your organization.
Expertise. Our firm is singularly-focused on privacy and data security regulatory compliance. We specialize in assisting small and medium-sized businesses comply with privacy and information security regulations and all of our attorneys have the unique perspective of being certified privacy and information security professionals. We exist to provide exceptional services and are dedicated to doing just a few things well.