February 18, 2020

February 18, 2020

Subscribe to Latest Legal News and Analysis

February 17, 2020

Subscribe to Latest Legal News and Analysis

CCPA’s New Privacy Rights = New Consumer Demands

Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance. California’s new privacy law goes into effect January 1, 2020. Although California attorney general enforcement is not expected until at least July 1, 2020, consumer lawsuits for violations of CCPA could start in early 2020 based on CCPA’s 12-month look back. CCPA can apply to businesses even if they do not have offices or employees in California. It can also reach activities conducted outside of California. See our prior alert here to see if CCPA applies to your business.

A pending amendment to CCPA could broaden consumers’ ability to sue for any violation of CCPA (and not just data breach related incidents). Under CCPA as currently passed, consumer plaintiffs are entitled to statutory damages. This means they don’t have to prove damages, only a CCPA violation to recover damages. Most privacy lawsuits lose because damages can’t be proven. CCPA has the potential to change privacy litigation as we know it.

Do you know what California consumers can demand from your business under CCPA? Consider that “consumers” is broadly defined as a natural person resident in California for other than a transitory purpose and could include customers, employees, business contacts and others

(Click to enlarge charts)



A business cannot discriminate in service or price offered to consumers who exercise their privacy rights under CCPA though some price, quality or service differences are possible under CCPA. This overview is not a substitute for considering CCPA and its requirements in their entirety.

Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.


About this Author

Nadia Aram, Womble Carlyle, Intellectual Property Attorney, technology licensing lawyer, commercial agreements legal counsel, private securities law

Nadia advises clients in a variety of business transactions involving the use and commercialization of intellectual property and technology. She has experience drafting and negotiating a broad variety of contracts, including technology licenses, services, consulting and other complex commercial agreements to help clients realize the value of their assets day-to-day, and as part of strategic product and technology acquisitions and divestitures. Nadia also practices in the areas of franchise law, and advertising, sweepstakes & promotions law, including advising clients...

Allen O'Rourke, Womble Carlyle, Cybercrime Prosecution Lawyer, Breach Investigations Attorney

Drawing upon years of experience prosecuting cybercrime, Allen comes to the aid of clients affected by data breaches and cyber-attacks. He works with clients’ legal and information security teams to investigate cybersecurity incidents, coordinate the remediation of any breach, interface with law enforcement as appropriate, and ensure compliance with applicable data breach laws and regulations. In addition to incident response, Allen defends clients facing government investigations, regulatory enforcement actions, consumer class actions, and other litigation arising from data breaches.  He also provides counsel to clients regarding cybersecurity preparedness, active network defense, and any related legal issues, including guidance about the Computer Fraud and Abuse Act (CFAA), Electronic Communications Privacy Act (ECPA), and Cybersecurity Information Sharing Act (CISA).