Client Alerts & Newsletters

California’s Landmark Privacy Law Now in Effect


On January 1, 2020, California’s landmark privacy law, the California Consumer Privacy Act (CCPA), took effect. The CCPA imposes various obligations on covered businesses and provides extensive rights to consumers with respect to controlling the collection and use of their personal information. While some companies have largely completed their CCPA compliance efforts, many others are still digesting the CCPA and draft proposed regulations, and taking steps to meet the CCPA’s myriad compliance obligations.

Confusion persists about how businesses can comply with certain provisions of the CCPA. In October 2019, the California Attorney General issued proposed regulations that provide guidance on a number of key areas, but the regulations are not yet final. If adopted, violations of the proposed regulations will be treated the same as violations of the CCPA itself, with the same penalties. We have summarized the proposed regulations in previous alerts:

Comments on the proposed regulations can be viewed here.

While formal enforcement proceedings by the California Attorney General will not begin until July 1, 2020, it is possible the agency will pursue retroactive enforcement for violations that occur between January 1 and July 1, 2020. The California Attorney General may impose civil penalties of $2,500 for each violation or $7,500 for each intentional violation after notice and a 30-day cure period.

In addition, the CCPA grants California consumers a private right of action and statutory damages of $100 to $750 per incident against companies that experience a data breach caused by failure to implement and maintain reasonable security procedures. Those lawsuits may be filed at any time.

Companies that have not yet completed (or commenced) CCPA compliance efforts should continue (or get started) in an effort to mitigate CCPA risk. Due to “limited resources,” California Attorney General Xavier Becerra has stated the agency will “look kindly on those that … demonstrate an effort to comply.”

* * *

For assistance with CCPA compliance, please contact one of our privacy team members listed below.

Please also check back for additional analysis of forthcoming California Attorney General CCPA updates and final regulations.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Jeffrey L. Poston
Partner – Washington, D.C.
Phone: +1 202.624.2775

Paul M. Rosen
Partner – Los Angeles, Washington, D.C.
Phone: +1 213.443.5577, +1 202.624.2500

Kristin J. Madigan, CIPP/US
Partner – San Francisco
Phone: +1 415.365.7233

Jarno Vanto, CIPP/E, CIPP/US
Partner – New York
Phone: +1 212.803.4025

Brandon C. Ge
Counsel – Washington, D.C.
Phone: +1 202.624.2531

Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

View Desktop Site | Mobile Sitemap |

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2021
Attorney advertising - prior results do not guarantee a similar outcome.