October 19, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

October 17, 2019

Subscribe to Latest Legal News and Analysis

Preparing for Compliance with the California Consumer Privacy Act

On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA).

 Now is the time to be thinking about, assessing and determining compliance obligations and implementing those measures so they are in place when the CCPA goes into effect in January 2020.

report issued this week by TrustArc confirms what we are seeing in the industry: that although companies are aware of CCPA, and some have started addressing compliance with it, a vast majority of companies that it applies to are behind in tackling the requirements.

The TrustArc Report, CCPA and GDPR Compliance Report, states that “[F]or the vast majority of respondents (over 86 percent), CCPA compliance is still a work in progress. 14 percent report being CCPA compliant and 16 percent of respondents have not started the process yet. 21 percent of companies who worked on GDPR compliance report being CCPA compliant already vs only 6 percent for companies who did not work on GDPR.”

According to those surveyed, 64 percent of the respondents said they need help developing a CCPA plan and conducting privacy risk assessments, and 63 percent said they need help addressing international data transfers. Those companies which have already addressed GDPR compliance were ahead of their peers which have not.

Bottom line: If you have not made CCPA compliance a priority in your organization, now is the time. The compliance date is looming, and it takes time to implement the compliance plan. Further, a big incentive to get the compliance plan in place is the fact that CCPA provides a private right of action for consumers to get statutory damages for violation of the Act. We have seen how this has gone with Telephone Consumer Protection Act class action cases. The plaintiffs’ attorneys are ready to test companies’ compliance with CCPA, so addressing compliance now, instead of waiting to get hit with a class action case, is something to be considered.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...