California’s Consumer Privacy Act and Other State Privacy & Security Laws

Influenced by California’s Consumer Privacy Act and Europe Union’s General Data Protection Regulation, a wave of new data privacy legislation has been introduced across the United States. Visit this page for the latest developments during this critical juncture in US privacy regulation.

California’s Consumer Privacy Act (CCPA)

The far-reaching Consumer Privacy Act of 2018 (CCPA) requires many companies doing business in California to implement new policies and procedures no later than July 1, 2020. The CCPA can be enforced by the California Attorney General or by private plaintiffs with the possibility of statutory penalties for noncompliance.

California has passed a comprehensive consumer privacy law—similar in some respects to the European Union’s General Data Protection Regulation (GDPR). The CCPA was unanimously approved by the California Senate and Assembly on June 27, 2018, and signed into law by then-Governor Jerry Brown the same day. The enforcement date for the CCPA is now six months after the Attorney General’s Office issues regulations, so organizations subject to the CCPA must be in compliance no later than July 1, 2020.

The CCPA creates an array of new consumer privacy rights that require many companies doing business in California to reassess their collection and use of personal information, and modify their business processes to accommodate the new rights of consumers. It allows California consumers to make requests of businesses to disclose what personal information the business has shared and also to delete or no longer share that information.

State Privacy & Security Law Developments 

In addition to California, since the start of 2019, at least 10 state legislatures have introduced privacy bills inspired to varying degrees by the CCPA.

Consumer Privacy Legislation Introduced


Consumer Privacy Legislation Map

Morgan Lewis is prepared to guide companies and institutions of all sizes through the challenges they face in this new regulatory environment. We will closely follow each new development as the CCPA is amended and regulations and guidance documents are issued. We are also following developments in other states as data privacy legislation is proposed and enacted. Our lawyers assist clients in virtually all the major industries around the globe in understanding how these important changes affect their businesses and how to navigate the changing data privacy landscape.