California is Serious About Privacy – Does Your Business Have a Roadmap to Comply with California Law?

By now, many companies who do business with California residents are familiar with the California Consumer Privacy Act of 2018 (“CCPA”), which became effective on January 1, 2020. The CCPA is one of the most comprehensive privacy laws in the country. Despite some familiarity with its requirements, compliance with the CCPA brought many challenges for business owners and their management teams. Violations of the CCPA can be extremely costly — up to $7,500.00 per intentional violation and $2,500.00 per unintentional violation.

Under the CCPA, businesses that collect personal data from any California resident must meet several obligations:

  1. posting a Privacy Notice on the business’s website;
  2. providing account verification;
  3. to not sell personal data pertaining to children;
  4. providing timely responses to residents’ requests that the business delete their personal information or provide residents with information concerning what personal information the business has collected relating to that resident; and
  5. providing timely responses to residents’ requests that the business not sell the resident’s personal data.

Shortly after the CCPA’s effective date, the California legislature passed the California Privacy Rights Act (“CPRA”) on November 3, 2020. The CPRA will become effective January 1, 2023 and will apply to all personal data collected by a business on or after January 1, 2022, with certain exceptions.

Among other things, the CPRA added obligations to the CCPA pertaining to:

  1. Sensitive personal information;
  2. Automated decision-making;
  3. Consumer profiling; and
  4. The formation of the California Privacy Protection Agency.

As if compliance with the CCPA and CPRA are not enough to pose significant challenges for businesses who serve California residents, numerous other California laws pertain to privacy and data security, such as the California Data Breach Law, the California Online Privacy Protection Act, the Shine the Light Law, and the California Invasion of Privacy Act.

If you are a business owner who does business with California residents and need assistance navigating the expansive and ever-changing legal landscape of privacy law, please contact us at (312) 368-0100.