Watch the recording of our webinar about preparing for changes to the California Privacy Rights Act, featuring Morrison & Foerster partner Julie O’Neill and associate Cecillia Xie.
The California Consumer Privacy Act of 2018 (CCPA) is arguably the most expansive piece of privacy legislation in U.S. history. It imposes a number of obligations on covered businesses, including a duty to disclose the categories of personal information (PI) they collect, sell, or share about California consumers, and gives those consumers the right to opt out of the sale of their PI, the right to request deletion of their PI, and the right to receive a copy of the “specific pieces” of PI. Further raising the stakes, the Act also permits Californians to sue when their personal information is accessed, exfiltrated, or stolen as a result of a covered business’s failure to maintain reasonable security procedures.
In November 2020, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (CPRA), which will become operative on January 1, 2023. The CPRA will significantly amend the CCPA, providing additional rights to consumers and imposing additional compliance obligations on businesses.
Our team has been closely monitoring all developments related to the CCPA and CPRA, and we have written and presented extensively to help companies identify their obligations, track enforcement trends, and mitigate risk, including by looking ahead to the CPRA.