Counsel For Navigating The California Consumer Privacy Act (CCPA)
From A Perspective That Knows Business
The California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act [CPRA]) is a wide-ranging privacy and data protection law with compliance consequences for a broad line of business types. Similar to the European Union’s GDPR, the CCPA has an extraterritorial scope and applies to many companies that are not physically located in California. Enacted in 2018 and in effect from a compliance perspective since 2020, the CCPA imposes requirements that include specific privacy notices, such as via a privacy policy, implementation of data processing agreements (DPAs) with service providers, among others, honoring privacy rights of consumers such as DSARs, and conducting privacy impact assessments. The law is regularly amended, such as the addition of protections for neural data under the umbrella of “sensitive” personal information.
The CCPA is enforced by the California Attorney General and, subsequent to the CPRA, also by the California Privacy Protection Agency (CPPA). So far, we have seen a variety of enforcement actions, ranging from warnings to fines, including the following:
- $1.55 million against Healthline
- $345,178 against Todd Snyder
- $632,500 against Honda for CCPA Violations
- 1.2 million fine against Sephora
- Fine against a food delivery platform
- Gaming company for non-compliance with the child protection provisions of the CCPA and COPPA
- $27.5 million settlement against Thomson Reuters for selling Californians’ personal data
At RICHT, we provide clients with a comprehensive suite of legal services to ensure compliance with the CCPA and avoid regulatory enforcement and private litigation. Our approach takes a business-first perspective, understanding business dynamics as well as goals, and aims to integrate compliance and risk mitigation within those confines.
CCPA Law Services We Offer
CCPA Compliant Privacy Policies
Compliance With CCPA Privacy Rights (DSARs)
Data Sale Analysis
Opt-Out/Opt-In Compliance