Overview
McDonald Hopkins' national Data Privacy and Cybersecurity team has created a multitude of resources to help our clients understand and comply with the CCPA, including the CCPA primer below. For questions about the CCPA or any of the information available here, contact a member of our Data Privacy and Cybersecurity team.
What is the California Consumer Privacy Act?
California enacted the Consumer Privacy Act of 2018 in part as a response to revelations that Facebook data was shared with the political data firm Cambridge Analytica without users’ knowledge or permission. The law, which became effective Jan. 1, 2020, imposes obligations on businesses that collect and process personal information on California consumers to give those consumers rights to access, delete, and restrict certain uses of personal information, among other rights. Many of the rights afforded to California residents will parallel the data subject rights found in the EU's General Data Protection Regulation (GDPR).
The California Consumer Privacy Act of 2018 was given a delayed enforcement date to allow impacted businesses time to come into compliance. Additionally, the law does not authorize the attorney general to bring enforcement action until July 1, 2020, or until six months after the publication of final regulations pertaining to the law, whichever occurs first.
Who is affected by the CCPA?
The California law applies to a “business,” which is a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that collects consumers' personal information, or on behalf of which such personal information is collected, that does business in California and has annual gross revenue in excess of $25 million; buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices; or derives 50% or more of its annual revenues from selling consumers’ personal information.
Don’t get too caught up in the word “consumer” in the law’s title. A consumer under the law is a natural person who is a California resident. As such, a business can be responsible for complying with the law even if the California residents it serves are not actual consumers of any product or service. Similarly, “personal information” is defined more broadly than under other California privacy laws. Personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Related Areas
Newsroom
News
Events
CCPA resources
INFOGRAPHIC: California Consumer Privacy Act of 2018: What you need to know 
WATCH: California Consumer Privacy Act: Are you ready?
READ: 5 California Consumer Privacy Act amendments signed into law
READ: 5 possible amendments to the California Consumer Privacy Act
LISTEN: How will the California Consumer Privacy Act impact you?
READ: How the California Consumer Privacy Act of 2018 could impact your business
Key Practice Contacts
Member|
Member|
Members
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Member|
Counsel
Counsel|
Counsel|
Counsel|
Counsel|
Associates
Associate|
Associate|
Associate|
Associate|
Associate|
Associate|
Associate|
Associate|
Associate|
