Printer Friendly, PDF & Email

A new decade in data privacy: Complying with the CCPA

Charles Fleischmann (charles.fleischmann@huschblackwell.com) is an attorney with Husch Blackwell in Washington, DC, USA, and Ephraim Hintz (ephraimhintz32@gmail.com) is an attorney with Polsinelli in Denver, Colorado, USA.

Following daily headlines of data breaches and companies using or maintaining individuals’ data in less than desirable ways, governments around the globe have increasingly taken notice and started passing laws governing the rights of individuals with respect to their data, and the way others can permissibly use it.

Leading the pack was the European Union (EU), whose General Data Protection Regulation[1] (GDPR), came online in 2018. While companies doing business in the EU worked to become compliant with GDPR, various states in the US recognized that the federal government lacks much, if any, of the framework around this issue. As a result, several states have contemplated passing their own data privacy laws and regulations.

The most significant of these laws, the California Consumer Privacy Act (CCPA),[2] was passed in June of 2018. As California wrestled with the specifics of how compliance and enforcement would work, the state delayed the effective date of the CCPA until January 1, 2020. While the CCPA will be effective as of this article’s publication, enforcement is not set to begin until July 1, 2020.

As a result, the goals of this article are to (1) inform businesses whether they fall within the CCPA’s reach; (2) provide an understanding of the basics of the law, and the remaining areas of uncertainty; and (3) offer practical tips on how to comply for those affected businesses.

This document is only available to members. Please log in or become a member.