Skip to main content

California Consumer Privacy Act (CCPA)

California is the newest “privacy battleground” and the CCPA will apply to a wide scope of business and an even wider scope of personal information. Since February, Mintz has run a webinar series focused on the CCPA and our team is working on assessments of collection and use of personal information and CCPA exposure to help clients start planning now for the January 1, 2020 effective date.

Click to View the Statute


CCPA Webinar Recordings

California Consumer Privacy Act: Overview (2/6/2019)

This webinar, the first in our California Consumer Privacy Act Series, provides an overview of the act including who it applies to, the types of data covered, and the new rights granted by the act such as data access, deletion, and portability. Actionable, business-focused advice is provided regarding preparing data inventories and process flows to support these new rights, as well as business model considerations in light of the act’s guidance on data monetization and the sanctions and remedies that companies may face. Click to View Recording

California Consumer Privacy Act: Is the CCPA really “GDPR-Lite”? (3/27/2019)

In May of 2018, the EU’s General Data Protection Regulation (GDPR) took effect. Not to be outdone, California passed its own sweeping data protection legislation in August of 2018 — the California Consumer Privacy Act of 2018 (CCPA). In this webinar, Sue Foster and Cynthia Larose discuss the key similarities and differences between the GDPR and the CCPA, as well as practical steps your company can take to assess gaps and map out your path to compliance. Click to View Recording

California Consumer Privacy Act: Health Care and Life Sciences (4/10/2019)

The CCPA includes an exemption for personal health information collected by HIPAA-covered entities. But, health care organizations and life sciences companies still have obligations under CCPA and are not completely “home free.” In this webinar, Dianne Bourque and Cynthia Larose discuss the requirements of the CCPA for health care organizations – both HIPAA-covered entities and business associates – and life sciences companies, and discuss the scope of the HIPAA, Confidentiality of Medical Information Act, and clinical research exemptions. Click to View Recording

California Consumer Privacy Act: Sea Change for Retailers and the Hospitality Industry? (6/26/2019)

With the January 1, 2020 deadline for compliance with the California Consumer Privacy Act fast approaching, companies that serve California residents want to know how the act will affect their businesses. The retail and hospitality industries depend on knowing and understanding consumers to both attract and retain them. In this webinar, Cynthia Larose and Brian Lam focus on how to retool common process flows to become compliant with the act while maintaining user experience, provide a checklist on best practices for complying with the new regulations, and discuss current developments with amendments to the act. Click to View Recording

California Consumer Privacy Act: Enforcement and That Private Right of Action (7/31/2019)

With the California Consumer Privacy Act (CCPA) set to take effect on January 1, 2020, many businesses dealing with California consumers and their information are under immediate pressure to comply. Despite the deadline, the CCPA remains a work in progress. From ways to institute compliance practices in such a short amount of time, to strategies for avoiding the incoming flood of litigation, many unanswered questions remain. This session will focus on: the latest CCPA legislative updates, tips for anticipating and avoiding CCPA class actions, the CCPA's private right of action, strategically responding to CCPA request, and a checklist on best practices for complying with the new regulations and how to avoid pitfalls. Click to View Recording


EU General Data Protection Regulation (GDPR) Webinar Series

Click to View Recordings


CCPA Blog Posts

2019 CCPA Amendment Process Comes to a Close (9/20/2019)

Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020.  Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law.

#CCPA Legislative Update: “And the days dwindle down … to a precious few….” (September Song, Kurt Weill) (9/11/2019)

The California 2019 legislative session closes on Friday, and thus all bills must be finalized to move to the Governor’s desk for signature.  That means that all CCPA pending amendments have a few more days.   Last Friday marked the last day on the legislative calendar that changes could be made from the floor to pending amendments, and the California Senate did just that with several of the CCPA Assembly bills.

California Legislature Working Through Data Privacy Amendments (9/6/2019)

In California's Senate session on September 5, AB 1130 was passed, which amends the state’s data breach notification law. The amendment would include passports, biometric data, and taxpayer and military identification numbers to the definition of “personal information” requiring notice under the breach notification law if breached.

And the CCPA Amendment Countdown Begins … (8/13/2019)

The California Legislature has returned from its summer recess and got right to work on the pending amendments to the California Consumer Privacy Act (CCPA). The Legislature has 30 days from today to send any amendments to the Governor’s desk for signature.

Nevada Moves the Goalpost with New Privacy Law (6/7/2019)

Get ready:  October 1, 2019 is the new date for many U.S. businesses to begin providing consumers the right to opt-out of the sale of their personal information.  While January 1, 2020 was the date upon which many businesses were prepared to provide notice of consumers’ right to opt-out of the sale of their personal information to comply with California’s Consumer Privacy Act (CCPA), Nevada moved the goalpost last week and signed Nevada Senate Bill 220 (SB-220) into law, which requires many businesses to provide a similar opt-out, and becomes effective on October 1, 2019.

INSIGHT: California’s Privacy Act—Watch for an Expanding Private Right of Action (5/3/2019)

The California Consumer Privacy Act takes effect on January 1, 2020, but amendments are expected. In an article recently published by Bloomberg Law, Mintz attorneys Joshua Briones, Esteban Morales and Matthew Novian discuss the April 9 hearing on SB-561, a bill that would expand the private right of action and remove compliance opportunities for businesses, and explain why the bill should be closely watched.

Complying with the California Consumer Privacy Act: Are Health Care Organizations "Home Free"? (4/4/2019)

On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground, and this post addresses some of the confusion surrounding the exemptions for health information.

SB 561 Aims to Make CCPA More Consumer-Friendly by Expanding a Private Right of Action and Removing the Right to Cure (4/4/2019)

Last week, California State Senator Jackson and state Attorney General Becerra introduced a new bill, Senate Bill 561.  If passed, it will greatly expand the consumers’ right to bring private lawsuits for violations of the California Consumer Privacy Act (“CCPA”).  SB 561 will: (1) provide for a private right of action for all CCPA violations—not just those stemming from a data breach; (2) eliminate the 30-day safe-harbor provision that currently allows companies to cure the violation and thereby avoid a private right of action; and (3) prevent companies from seeking specific opinions from the Attorney General and instead allow the AG’s office to provide “general guidance” via publications.

CCPA Amendment May Answer Employee Question (3/28/2019)

We’ve now presented two webinars (links will be posted ICYMI) on the scope of the California Consumer Privacy Act, and have been talking with scores of clients about preparation and planning.   One of the most frequently asked questions is whether the CCPA really applies to employee personal data processe by employers for business purposes.  

California Governor Floats “Data Dividend” Proposal (2/16/2019)

On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his position on data protection and privacy, by saying that technology companies “make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it” and that “Consumers have a right to know and control how their data is being used.”  

California AG’s Office Gets Public Input on CCPA (1/29/2019)

The California Attorney General’s Office (CAGO) is conducting a series of public hearings around the state to gather input on the California Consumer Privacy Act of 2018 (CCPA). We attended the CAGO’s January 25th, 2019 hearing.  The panel of CAGO staff informed those in attendance to anticipate a Notice of Proposed Regulatory Action in the fall of 2019.

“Hey Alexa – Tell Me About Your Security Measures” (10/4/2018)

California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”).  Governor Brown recently signed into law two nearly identical bills, Assembly Bill No. 1906 and Senate Bill No. 327 (the “Legislation”) each of which required the signing of the other to become law, on September 28th, 2018.

More Privacy Legislative Activity in California (9/4/2018)

Labor Day is passed, and the Privacy & Security Matters blog is back after a bit of a hiatus.    The California State Legislature was busy up to the last day of the session working on privacy legislation.

PRIVACY ALERT: California Leads the Privacy Parade Again with Groundbreaking Privacy Legislation (6/29/2018)

June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation.   California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits.


Subscribe To Viewpoints