Background - News & Events (Landing) 2016

Search NewsRoom

Advanced Search >

Media Contacts +

All Alerts & Newsletters

California’s Landmark Privacy Law Now in Effect

Jan.13.2020

On January 1, 2020, California’s landmark privacy law, the California Consumer Privacy Act (CCPA), took effect. The CCPA imposes various obligations on covered businesses and provides extensive rights to consumers with respect to controlling the collection and use of their personal information. While some companies have largely completed their CCPA compliance efforts, many others are still digesting the CCPA and draft proposed regulations, and taking steps to meet the CCPA’s myriad compliance obligations.

Confusion persists about how businesses can comply with certain provisions of the CCPA. In October 2019, the California Attorney General issued proposed regulations that provide guidance on a number of key areas, but the regulations are not yet final. If adopted, violations of the proposed regulations will be treated the same as violations of the CCPA itself, with the same penalties. We have summarized the proposed regulations in previous alerts:

Comments on the proposed regulations can be viewed here.

While formal enforcement proceedings by the California Attorney General will not begin until July 1, 2020, it is possible the agency will pursue retroactive enforcement for violations that occur between January 1 and July 1, 2020. The California Attorney General may impose civil penalties of $2,500 for each violation or $7,500 for each intentional violation after notice and a 30-day cure period.

In addition, the CCPA grants California consumers a private right of action and statutory damages of $100 to $750 per incident against companies that experience a data breach caused by failure to implement and maintain reasonable security procedures. Those lawsuits may be filed at any time.

Companies that have not yet completed (or commenced) CCPA compliance efforts should continue (or get started) in an effort to mitigate CCPA risk. Due to “limited resources,” California Attorney General Xavier Becerra has stated the agency will “look kindly on those that … demonstrate an effort to comply.”

* * *

For assistance with CCPA compliance, please contact one of our privacy team members listed below.

Please also check back for additional analysis of forthcoming California Attorney General CCPA updates and final regulations.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Jeffrey L. Poston
Partner – Washington, D.C.
Phone: +1 202.624.2775
Email: jposton@crowell.com
Paul M. Rosen
Partner – Los Angeles, Washington, D.C.
Phone: +1 213.443.5577, +1 202.624.2500
Email: prosen@crowell.com
Kristin J. Madigan, CIPP/US
Partner – San Francisco
Phone: +1 415.365.7233
Email: kmadigan@crowell.com
Jarno Vanto
Partner – New York
Phone: +1 212.803.4025
Email: jvanto@crowell.com
Brandon C. Ge
Counsel – Washington, D.C.
Phone: +1 202.624.2531
Email: bge@crowell.com
Lee Matheson, CIPP/US/E/A, CIPM, PCIP
Associate – Washington, D.C.
Phone: +1 202.654.6728
Email: lmatheson@crowell.com