September 18, 2019

September 17, 2019

Subscribe to Latest Legal News and Analysis

September 16, 2019

Subscribe to Latest Legal News and Analysis

Ding Dong the CCPA Private Right of Action is (Mostly) Dead!

Whether your favorite movie is The Wizard of Oz or The Princess Bride, we can all agree there is some good news about the California Consumer Privacy Act (CCPA) this Friday afternoon! SB 561 appears to have (mostly) died in the Senate Appropriations Committee during a hearing held yesterday. While the act as originally drafted only provided for Attorney General enforcement (except for one section addressing data security breaches), SB 561 added a private right of action as well as statutory damages for any violation of the act. This amendment clearly would have significantly increased the risks of any failure to comply with CCPA, no matter how small. But remember the words of Miracle Max – “There’s a big difference between mostly dead and all dead. Mostly dead is slightly alive.” So while it is possible that another amendment could be introduced at a later date, for now at least, the act will likely remain as drafted with enforcement coming only from the AG’s office, except in data breaches.

Putting it Into Practice: Companies should remain diligent in their compliance efforts—this is not a reason to ratchet down diligence and remediation. It is, however, a welcomed reduction in risk and compliance costs for all businesses subject to the law. <<Collective sigh of relief.>>

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Rachel Hudson, Lawyer, Sheppard Mullin, Intellectual Property Practice Group
Associate

Rachel Tarko Hudson is an associate in the Intellectual Property Practice Group in the firm's San Francisco office.

Areas of Practice

Rachel advises clients in the retail, technology, media, and other industries in online and mobile e-commerce transactions and vendor agreements, intellectual property licensing, commercial and development agreements, and other transactional matters. She assists clients in complying with domestic and international privacy laws, clearing advertising campaigns, conducting contests and sweepstakes promotional initiatives, and...

415.774.2999
Partner

Craig Cardon serves as Co-chair of Sheppard Mullin’s Privacy & Data Security Group and as the International Liaison for the firm’s China offices. Craig is a partner in the Entertainment, Technology and Advertising and the Intellectual Property Groups in Sheppard Mullin's San Francisco and Century City offices.

Areas of Practice

Craig enjoys a broad advertising, privacy and ecommerce focused practice. He primarily represents brands, retailers, ad agencies, ad networks and other business involved in advertising, marketing and the data associated with it.  

310-228-3749
Snehal Desai, attorney, Sheppard Mullin
Attorney

Snehal Desai is an associate in the Intellectual Property Practice Group in the firm's San Francisco office. She is a member of the Privacy and Cybersecurity Team, the Advertising Team and the Technology Transactions Team.

Areas of Practice

Advertising: Snehal advises clients in conducting advertising campaigns, contests and sweepstakes, and brand marketing campaigns. 

Technology and Commercial Transactions: Snehal drafts and negotiates...

415-774-2960
Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335