eDiscovery Daily Blog

Answers to Your Frequently Asked CCPA Questions: Data Privacy Best Practices

As we discussed last year (here and here), the California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect next January 1.  And, as we also reported recently, about half of surveyed companies haven’t even started preparing to be CCPA compliant.  Maybe that’s because they don’t know where to start to comply and don’t know whether the CCPA applies to their business, what rights will Californians have under CCPA and what impact CCPA will have on their privacy policy.  Here are answers to some of those questions.

In the Data Privacy Monitor site by Baker Hostetler (The California Consumer Privacy Act: Frequently Asked Questions, written by Alan L. Friel, Laura E. Jehl and Melinda L. McLellan), the authors address ten frequently asked questions that companies are asking about CCPA (if they’re not asking them, they should be).  Here are the questions they are addressing in this article:

  1. Does the CCPA apply to my business? What if we don’t have operations in California?
  2. Does the $25 million revenue threshold apply to California revenue specifically, or is it $25 million for the business as a whole?
  3. Will the CCPA be amended? What are the open issues?
  4. What new rights will the CCPA give to California residents?
  5. Will we need to amend our company’s online privacy policy?
  6. How do the “copycat” CCPA laws being proposed in other states compare with the CCPA?
  7. How does a business confirm that a person making an access or deletion request under the CCPA is a California resident, or who they claim to be?
  8. What should our company be focusing on right now, while we wait to see how these various state and federal law proposals shake out?
  9. What are the potential penalties for violations of the CCPA?
  10. Does my business qualify for one of the CCPA’s exceptions?

I won’t steal any thunder here – the authors give detailed and thoughtful answers to the questions that you will want to check out for yourself.

It’s interesting to note that there are at least 15 state data privacy laws that are working their way through the legislative process – some that are “virtually identical to the CCPA”, others that are similar, but with key differences.  As the authors note, the “prospect of having to comply with dozens of different state laws of this nature has fueled interest in a federal law to harmonize these proposals and provide businesses with clear compliance goals.”  That’s not surprising to me.

As the authors note in their conclusion: “A new era of consumer privacy rights has dawned in the U.S., and businesses will need to have a sound understanding of the personal information they collect, process, use and share to be able to comply with incoming rules and regulations.”  Given recent trends, it certainly appears that virtually every US business will be subject to new and developing data privacy laws sooner rather than later.

So, what do you think?  Is your company subject to CCPA?  If so, has it begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.