The groundbreaking California Consumer Privacy Act of 2018 (CCPA), which has implications for most businesses that process the personal information of California residents, signals a substantial shift in the data privacy regime in the US and will require significant changes to businesses’ data protection programs. Given California’s broad economic impact, and the CCPA’s prescriptive requirements, the law may serve as the de facto national standard for businesses that handle personal information about US residents. The CCPA already has triggered the introduction of a flurry of additional state bills with similar requirements, and businesses will need to consider whether to expand the law’s privacy protections to individuals across the United States. The CCPA became effective on January 1, 2020.

Compliance with the CCPA requires businesses to understand:

  • What personal information they have about California residents;
  • Where that information is stored;
  • To whom it is disclosed; and
  • How to access and delete it, if required. 
     

How We Can Help

At Hunton Andrews Kurth, our privacy and cybersecurity team is assisting myriad companies in developing and implementing CCPA compliance strategies, including:

  • Interpreting and tracking proposed changes in the law;
  • Performing fact gathering and due diligence to help businesses set priorities and goals;
  • Building compliance programs designed to satisfy applicable obligations under the CCPA and fit each business’s specific needs, risk appetite and budget; and
  • Strategizing about how to manage the uncertainty of the passage of potential additional state and federal privacy legislation that would impose similar, but potentially divergent, requirements on businesses.

 

CCPA Resource Center

Tools

Webinars

 

Publications

 

Blog Entries

Alerts

Insights