California Consumer Privacy Act
The California Consumer Privacy Act of 2018 (CCPA) significantly expands the privacy rights of California residents. Hundreds of thousands of businesses across the country will be required to take action to avoid private litigation and attorney general enforcement actions.
The CCPA requires entities doing business in California to make a range of disclosures about the information collected about California residents. It also gives California residents a variety of options for how their information may be used. The legislation defines "personal information" to include almost any type of information that can be associated with an individual or household.
Penalties are steep for noncompliance. The California Attorney General's office is charged with enforcing the CCPA and is authorized to seek statutory damages of up to $2,500 per violation. The legislation also establishes a private right of action for data breaches with statutory damages of up to $750 per consumer per incident.
Ballard Spahr's Privacy and Data Security Group advises clients on all aspects of the California Consumer Privacy Act of 2018, including:
- Advising a major international automotive manufacturer on the potential impact of the private right of action for violations of the Act's data breach notification provisions
- Advising a leading men's magazine on the use of GDPR processes to leverage compliance with notice requirements under the Act
- Advising a leading science magazine on the potential for fines under the Act and applicability to nonprofit organizations