Privacy and Data Protection

Printer Friendly, PDF & Email

A New Decade in Data Privacy: Complying with the CCPA

By Charles Fleischmann and Ephraim Hintz[1]

Following daily headlines of data breaches and companies using or maintaining individuals’ data in less than desirable ways, governments around the globe have increasingly taken notice and started passing laws governing the rights of individuals with respect to their data, and the way others can permissibly use it.

Leading the pack was the European Union (EU), whose General Data Protection Regulation[2] (GDPR), came online in 2018. While companies doing business in the EU worked to become compliant with GDPR, various states in the US recognized that the federal government lacks much, if any, of the framework around this issue. As a result, several states have contemplated passing their own data privacy laws and regulations.

The most significant of these laws, the California Consumer Privacy Act[3] (CCPA), was passed in June of 2018. As California wrestled with the specifics of how compliance and enforcement would work, the state delayed the effective date of the CCPA until January 1, 2020. Enforcement of the law began July 1, 2020.

As a result, the goals of this article are to (1) inform businesses whether they fall within the CCPA’s reach, (2) provide an understanding of the basics of the law, and (3) offer practical tips on how to comply for those affected businesses.

This document is only available to subscribers. Please log in or purchase access.