California Consumer Privacy Act

The far-reaching Consumer Privacy Act of 2018 (CCPA) will require many companies doing business in California to implement new policies and procedures in advance of a January 1, 2020, deadline. The CCPA can be enforced by the California Attorney General or by private plaintiffs with the possibility of statutory penalties for non-compliance.

California has passed a comprehensive consumer privacy law—similar in some respects to the European Union’s General Data Protection Regulation (GDPR). The CCPA was unanimously approved by the California Senate and Assembly on June 27 and signed into law by Governor Jerry Brown the same day. Organizations subject to the CCPA must comply by January 1, 2020.

The CCPA creates an array of new consumer privacy rights that will require many companies doing business in California to reassess their collection and use of personal information and modify their business processes to accommodate the new rights. It allows California consumers to make requests of businesses to disclose what personal information the business has shared and also to delete or no longer share that information.

Morgan Lewis is prepared to guide companies and institutions of all sizes through the challenges they face in this new regulatory environment, and we will be closely following each new development as the CCPA is amended and regulations and guidance documents are issued. We assist clients in virtually all the major industries around the globe in understanding how these important changes will affect their businesses and how to navigate the changing data privacy landscape. Because we work with companies that are subject to GDPR and companies that are not, we can tailor a solution that fits either mold.