Prior to the unique data security and privacy challenges unexpectedly presented as a result of a mass movement to remote working earlier this year, the California Consumer Privacy Act (“CCPA”) was one of the most highly anticipated regulations organizations were (or should have been) preparing to comply with. Despite industry pressure to delay enforcement of the CCPA so organizations could continue to focus on mitigating further disruptions and damage to their operations caused by the COVID-19 pandemic, the California Attorney General has maintained his commitment to begin enforcement of the CCPA on July 1, 2020.
In preparation for the enforcement date, Burns & Levinson will be doing a series detailing some of the highlights of the CCPA, which technically went into effect on January 1, 2020. If the CCPA applies to your organization and you had not previously taken steps to bring your organization into compliance with Europe’s General Data Protection Regulation (“GDPR”), you may have significant work to do in order to bring your organization into compliance with the CCPA. If your organization has previously engaged in GDPR compliance, you may still have work to do. While there is some overlap between the regulatory and statutory requirements of the GDPR and CCPA, they are separate laws with their own distinct requirements.
To kick off this series, we have put together a quick decision tree you can use to figure out if your organization probably needs to comply with the CCPA in four questions or less!
If you have not prepared for the CCPA as yet, you can find some helpful initial information at the California AG’s website. Also, please watch for upcoming posts and guidance at this blog, and feel free to contact us with any questions.
*On November 3, 2020, California approved the California Privacy Rights Act (CPRA), which, among other things, increased the threshold for the amount of personal information an organization must process to require compliance with the CCPA from more than 50,000 to 100,000 consumers or households. The CPRA also added a new category of businesses that need to comply with the CCPA: entities that voluntarily certify to the newly created California Privacy Protection Agency that they comply with and agree to be bound by the law.