Maribeth Thomas mthomas@tuckelaw.com 412 566-3949
July 1st marked the beginning of the enforcement of the California Consumer Privacy Act (the “CCPA”). Despite the fact that a final version of the regulation has yet to be codified, California Attorney General Xavier Becerra announced on June 30, 2020 that his Office would begin to enforce the CCPA the next day.
On June 1, Becerra submitted a draft resolution to California’s Office of Administrative Law for final approval. The draft resolution provided guidance as to how the Attorney General’s Office would interpret the CCPA and how an organization can comply with its requirements. It is believed that, once the final regulations are approved, enforcement of the CCPA will be retroactive to January 1, 2020.
The CCPA was signed into law on June 28, 2018 and became effective on January 1, 2020. At that time, Becerra made clear that his Office would not take action against a non-compliant organization for six months after the CCPA became effective. Once the CCPA and its regulations are codified, it is expected that its requirements and enforcement will be retroactive to January 1, 2020.
The CCPA provides California residents with expanded data protection rights, and it applies to businesses—whether located within or outside of California—that have access to the personal data of a California resident. “Personal data” consists of email addresses, online handles, IP addresses, biometric data, geolocation data, and search histories. A business must comply with the CCPA if (1) its gross annual revenue is greater than $25 million; (2) it buys, receives, or sells personal information of at least 50,000 consumers, households, or devices; or (3) at least 50% of its revenue comes from selling the personal information of consumers. An intentional violation of the CCPA could result in penalties up to $7,500 for each violation, and unintentional violations may result in a penalty of up to $2,500.
The CCPA provides California residents with five important rights with respect to their personal data:
In light of the expanded rights provided to consumers by the CCPA, and the substantial fines that could be incurred if those rights are violated, it is imperative that businesses implement measures to ensure that they are compliant with the CCPA. These measures should include, for example, a review of all vendor contracts, effective training of all employees, and a review of compliance procedures regarding personal data. For more information or assistance with CCPA compliance, please contact Maribeth Thomas.
July 13, 2020
The same attributes that have anchored over a century of success are still our guiding principles today.
Enter your email address below and be notified when we post new information.