CCPA Enforcement Deadline Looms for Businesses

On January 1st, 2020, the California Consumer Privacy Act (CCPA) went into effect, protecting consumers’ privacy rights by placing obligations on how businesses collect, use, and share the personal information of California residents. Included within the protections, the CCPA provides affected consumers with the right to:

  • know what personal data is being collected about them;
  • know whether their personal data is sold or disclosed and to whom;
  • say no to the sale of personal data;
  • access their personal data;
  • request a business to delete any personal information about a consumer collected from that consumer; and
  • exercise their privacy rights without fear of discrimination.

Beginning on July 1st, 2020, the California Attorney General’s (AG’s) office can bring enforcement actions with penalties against any business that is found to have violated the CCPA. Violators will be sent a 30-day notice to fix any instance of non-compliance.  If violations are not cured during that period, the AG can seek penalties of up to $2,500 per violation, or up to $7,500 per intentional violation.

Recommended Action Steps

With the CCPA enforcement deadline quickly approaching, companies must make any final and necessary preparations to ensure that their websites comply with the CCPA. The following are some suggested actions to take to avoid fines and penalties:

  1. Make Sure Your Privacy Notice and Website are Updated – Consumers and even employees, especially those located in California, should be given an updated notice of their rights with respect to the gathering and storage of their personal data.
  2. Know what Data Your Business Stores – California consumers now have the right to know (under the CCPA) what personal information is being maintained by a business, and which third parties may have also received that information. It is critical that companies know what data is being kept and can respond to related consumer requests in a timely and accurate manner.
  3. Make Sure Employees are Trained on the CCPA – Any employee responsible for responding to consumer requests under the CCPA must receive training on how to do so in a manner that is consistent with the regulation.
  4. Ensure Security Procedures and Practices – Under the CCPA, California consumers can sue for breaches of their personal information that occurred because of a company’s failure to maintain and implement reasonable security procedures and practices. Businesses should ensure that they have appropriate practices for the storage and destruction of personal information.
  5. Consult with Company Service Providers – If a business discloses consumer personal information to a service provider, they should make sure that any contract that governs that service relationship includes and ensures CCPA-specific provisions and compliance.

NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Comments (required)*