The California Consumer Privacy Act of 2018: Four Educational Extracts

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, will take effect in 2020. The law includes detailed disclosure requirements, provides individuals with extensive rights to control how their personal information is used, imposes statutory fines and creates a private right of action. It is expected to dramatically alter the way U.S.-based companies process data.

Editor’s Note: With the increasing focus on compliance requirements for companies doing business in California based on the California Consumer Privacy Act of 2018 (CCPA), the following four article extracts are provided to help legal, business, and information technology professionals better understand and prepare for the requirements and risks associated with the CCPA when it becomes effective on January 1, 2020.

On The Road Again: Practical First Steps On Your Way to Compliance with the CCPA

Extract from an article by Odia Kagan as published by Fox Rothschild

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, will take effect in 2020. The law includes detailed disclosure requirements, provides individuals with extensive rights to control how their personal information is used, imposes statutory fines and creates a private right of action.  It is expected to dramatically alter the way U.S.-based companies process data.

Yes – it is true that CCPA will only go into effect in 2020, and some changes in the law are expected.

However, CCPA also has a “12-month look back” which requires companies to be able to provide information to consumers about information collected or disclosed in the immediately preceding 12 months. Couple that with some “behind the scenes” preparation which will likely be necessary whatever form the law takes — to allow you to do expanded disclosure or to address the consumer rights of access or deletion — and you have good reasons not to take a “wait and see” approach.

Here are the top five steps you can start taking already to prepare for CCPA.

Read the complete article at On The Road Again: Practical First Steps On Your Way to Compliance with the CCPA

CCPA – What is it and What Does Your Business Need to Know?

Extract from an article by Deborah George as published by Robinson+Cole

One of the most critical facts to know is that the CCPA not only applies to consumers but also applies to for-profit businesses that do business in the state of California.  A business is defined as one that collects consumers’ personal information, has more than $25 million in revenue, alone or in combination, and annually buys, receives for the business’s commercial purposes, sells or shares for commercial purposes, the personal information of 50,000 or more consumers, households or devices or derives 50% of its annual revenues from selling a consumer’s personal information. Cal. Civ. Code §1798.140. A key fact to note from this definition is that the CCPA applies to any business does that “does business in the State of California” not just businesses residing or incorporated in California.

The CCPA is a consumer-directed law that empowers a consumer to determine how a business can store, retain and use their personal information. The CCPA gives consumers a set of rights about the personal information that businesses collect about them, and the CCPA then directs those businesses that possess that personal information what the business can or must do with a consumer’s personal information. It’s quite empowering for a consumer to be able to tell a big corporation: I don’t want you to sell my personal information or I want you to delete my personal information. The rights of consumers and the obligations of the businesses are distinct, but intertwined in this law: on one side are the rights of consumers, and on the other, the obligations of businesses to comply with the directions of their customers and consumers.

Read the complete article at CCPA – What is it and What Does Your Business Need to Know?

What Marketers Need to Understand About Fines Under The New California Privacy Act

Extract from an article by Sam Bocetta as published on Marketing Land

It did not take long for the Golden State to borrow a page from the European Union’s consumer privacy rule book. And because of this, marketers need to take note about what’s happening with changes in data protection right now.

It was only a few months after Europe adopted the General Data Protection Regulation in March 2018, that California Governor Jerry Brown approved Assembly Bill 375, commonly referred to as the California Consumer Privacy Act.

These two jurisdictions are more than 5,600 miles apart, but their views on consumer privacy happen to be very similar.

In early February 2019, many GDPR skeptics in the United States started seeing messages in their email inboxes about privacy policy updates. Since such notifications tend to be routinely ignored, there is a chance that your average citizen is still unaware of the GDPR reach beyond the EU.

The reason brands suddenly revised their privacy policies earlier this year can be traced to a massive fined imposed upon an American internet advertising giant: Google.

Read the complete article at What Marketers Need to Understand About Fines Under The New California Privacy Act

If You’re Not First, You’re Last: Risks of Delaying CCPA Compliance

Extract from an article by Kevin Kish as published by Security Boulevard

The CCPA mandates that organizations provide consumers with an accurate look-back at the data that was collected, sold, or disclosed during the business relationship or service delivery. Organizations should avoid the temptation to rely solely on existing processes resulting from the GDPR without further analysis or not preparing at all. Prior to the effective date in January 2020, businesses should take the opportunity to develop a comprehensive data inventory to ensure that all relevant personal information assets are identified in accordance with CCPA’s new requirements. At the same time, it’s important that this process be able to scale with business operations to ensure both internal and external visibility and consistency while data collection, sharing, and sales operations change. Due to the increased focus on data privacy and the implications of the regulatory environment, early preparation will pay off in the form of a well-trusting customer base and, through the intrinsic, marketplace advantage offered to those who establish themselves as a reputable, privacy-conscious business partner.

Read the complete article at If You’re Not First, You’re Last: Risks of Delaying CCPA Compliance

Additional Reading

Source: ComplexDiscovery

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.



Check Out the Observations Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Mitratech Acquires Tracker Corp

The acquisition supports Mitratech’s mission to provide legal and compliance solutions...

A Window into Malware? The New Malware Reverse Engineering Handbook from CCDCOE

According to Wikipedia, malware analysis is the study or process of...

Much Ado About Something? The Hype Cycle for Legal and Compliance Technologies (2020)

The information and insight highlighted by Marko Sillanpaa of Gartner in...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

A Change in Tempo? eDiscovery Operational Metrics in the Summer of 2020

In the summer of 2020, 91 eDiscovery Business Confidence Survey participants...

Shifting Gears? eDiscovery Business Confidence Survey Results – Summer 2020

This is the nineteenth quarterly eDiscovery Business Confidence Survey conducted by...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Mitratech Acquires Tracker Corp

The acquisition supports Mitratech’s mission to provide legal and compliance solutions...

XDD Acquires LightSpeed Legal

According to David Moran, XDD President, and COO, “As we continue...

XDD Acquires RVM

According to XDD CEO Bob Polus, “Merging forces with RVM further...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...