Over the last year, law firms of all sizes, from the largest in the world to small and midsize firms, have pursued funding from multiple rounds of the Payment Protection Program (PPP) . For some, the PPP...
On January 29, 2021, the Director of the U.S. Centers for Disease Control and Prevention (CDC), Dr. Rochelle P. Walensky, officially extended the federal government’s moratorium on residential evictions...
There’s no time like the start of the year to plan for the future, even when it comes to estate planning. In fact, for trust and estate attorneys (not to mention their clients), that’s has...
Now that we’ve collectively lived through the most unpredictable year in recent memory, it might seem a little ambitious, even reckless, to make predictions for 2021. After all, no law firm leader...
We all know that the COVID-19 pandemic has led to a historic increase in filings for unemployment benefits. But those are not the only employment-related claims that have risen during the pandemic. Workplace...
Following on the heels of the European Union’s General Data Protection Regulation, commonly referred to as GDPR, comes CCPA, the California Consumer Privacy Act. It’s California’s effort to enhance consumer data privacy at the state level. CCPA builds on California’s “Shine the Light Law” (CA Civil Code §1798.83) from 2005 and shares the goal of GDPR—to protect sensitive online data and prevent fraud.
And this legislation comes at a critical time, given the media attention that some high-profile data breaches have received. It seems that the public is becoming increasingly aware of the dangers of identity theft, and the importance of data and credit protection.
You can read a broader analysis of CCPA here, but the core tenet of the law is to put you (as a consumer) in control of your digital footprint.
So…what does that mean?
In layperson’s lingo, it means you have the right to know what information a particular company is collecting on you—things like age, credit card numbers, addresses, gender and (ominous music) much, much more. You also have a right to know who is buying or selling that information.
More importantly, this law gives you the ability to tell a company to delete your information and/or prevent that company from selling your data to another entity. Again, this is very similar to what the legal community saw with GDPR.
If you conduct business in California and: have over $25M in gross revenue; process the information of 50,000+ individuals; or earn over half of your revenue from selling California consumers’ personal data…
…then get ready to comply with the California Consumer Privacy Act.
That means you must adhere to the regulations outlined in the law, whether you have a brick and mortar presence in California or not. The National Law Review has a good checklist that can help.
But here’s the thing: since GDPR went into effect in 2018, any California entity that wanted to do business in Europe had to abide by similar laws already. So many businesses may have a head start on compliance (but it’s important to note that CCPA goes beyond GDPR in certain instances).
If you’re a lawyer, you can arm yourself with up-to-date resources, and if you’re a business, finding a lawyer to help you wade through these new guidelines is a good idea—especially since fines can hit $7,500 for a single violation.
Time-travelling phone booths aside, no one can predict the future with 100 percent accuracy. That said, it’s entirely possible, if not probable that similar legislation will eventually be introduced on the federal level. With every new identity theft case or data breach that hits the news cycle, the clamor of voices seeking more data privacy protection grows louder—which can spur action in Washington.
But the impact of federal laws may not be as dramatic as with CCPA, and that’s simply because California is a big economic market and CCPA applies to any business that touches the data of California citizens. That’s a lot of people, so many companies have begun girding themselves for CCPA’s arrival in 2020. Ergo, if similar laws are adopted at the national level, many businesses will already have laid the groundwork for compliance. (Kind of the way a lot of businesses were ready for CCPA, thanks to their preparations for GDPR.)
One thing is for certain: much like the way courts compared Mp3 files to cassette tapes around the turn of the century, legislation will always lag behind technology.
You just have to be ready for it when it (inevitably) comes.