CCPA in Litigation: 2018 to Present

The California Consumer Privacy Act (CCPA) went into effect three months ago, on January 1, 2020. Although enforcement by the California attorney general cannot begin until July 1, private plaintiffs have been able to bring claims under the law’s limited private right of action since the beginning of the year.The CCPA is already having an […]

CCPA & COVID-19: A Practical Guide to Addressing Privacy and Data Security Implications of the Coronavirus

COVID-19 arrives just as the first omnibus privacy statute in the United States, the CCPA became effective. Since its January 1 effective date, we continue to wait for finalization of the CCPA regulations and enforcement that was slated for July 1. In a pandemic environment, companies, employers, and public institutions are grappling, outside the HIPAA […]

CCPA 12-month compliance series part 4: update your privacy policy

A business that is subject to the CCPA will need to update its consumer-facing online privacy policy. At a bare minimum, a privacy policy (and any California-specific privacy disclosure) must disclose: A description of a consumer’s right to disclosure regarding the personal information (“PI”) that the business has collected about the consumer, a consumer’s right […]

CCPA 12-month compliance series part 3: conduct a gap analysis

After conducting a data inventory (see Part 2 of our CCPA series), a business should assess its risks by benchmarking its policies and practices with applicable privacy laws and regulations. Conducting a gap analysis is a critical tool in identifying compliance gaps and developing a plan to bridge those gaps. See e.g., Stipulated Order for Permanent Injunction and Monetary […]