California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This regulation brings significant change to the U.S. privacy and data protection law landscape, and serves as a harbinger of a potential wave of additional consumer data privacy regulations at the state and even federal level, much as the General Data Protection Regulation (GDPR) has changed how business is done in the EU and beyond.
Our approach to CCPA compliance begins with a clear and nuanced understanding of the statute, including both existing provisions, as well as the “unknowns” and associated risk factors based on anticipated changes or clarifications to the law. To support your CCPA readiness efforts, we will prepare and assist as needed in implementing a plan that features plain-language, practical steps toward compliance, leverages your existing privacy compliance and customer notice programs and mechanisms to the fullest extent possible and well-reasoned and risk-based analysis to address the more ambiguous CCPA provisions.
Our team is deeply familiar with the implications of the CCPA and other legislative proposals, and we provide clients with customized, practical advice regarding:
- Compliance readiness assessment
- Compliance program development and implementation (including internal and external-facing policies and notice development)
- Inventory data and mapping data flows
- Privacy and data security assessments
- Risk management
- Tracking legislative and regulatory developments (CCPA and beyond)
- Vendor contract drafting and review
- Identifying, engaging and managing/supporting IT team members, consultants, and solutions
Of Counsel and Senior Policy Advisor for Consumer Protection