California Consumer Privacy Act

The California Consumer Privacy Act of 2018 (CCPA) reaches a broad swath of businesses for whom data privacy compliance was not previously a significant concern.  Now, virtually every company doing business in California must seriously weigh the benefits of innovative collection, use and sharing of personal information against new regulatory and litigation risks.  The CCPA’s passage was only the beginning of moving business in the Golden State, and the nation as a whole, toward a new privacy paradigm.  On November 3, 2020, California voters enacted, via ballot initiative, the California Privacy Rights Act of 2020 (CPRA), which will expand the CCPA’s scope, requirements, and enforcement in significant ways effective January 1, 2023.

Strading’s Privacy & Data Security group is on a mission to help companies turn CCPA compliance into a business asset rather than a regulatory burden.  We have been advising clients on designing and updating compliance programs to account for CCPA, and managing related risks, since the law’s enactment in 2018.  Our capabilities include helping clients:

• Determine whether and how the CCPA (and other data privacy and security regulations) apply to them
• Understand what personal information is collected, how it is being used, and the risks arising from that activity
• Perform data privacy and security risk assessments
• Incorporate privacy risk management into product development and employee training
• Reform use of online tracking technologies, analytics and social media tools and digital advertising relationships to support compliance obligations
• Develop resources and back-end processes for responding to consumer requests to exercise data rights
• Update vendor and customer agreements to assign data processing roles and allocate risks
• Defend regulatory inquiries, commercial litigation and consumer class actions arising from data security incidents