Attorney General-led California Consumer Privacy Act enforcement begins July 1

Today marks six months since the California Consumer Privacy Act came into effect. And perhaps more importantly, today also marks the first day that the California Attorney General may file enforcement lawsuits against for-profit entities that run afoul of the landmark legislation.

Before today, only consumers could file lawsuits to recover damages for CCPA violations. The law only allows consumers to sue when their personal information is accessed, exfiltrated, stolen, or disclosed as a result of a for-profit entities' failure to implement and maintain reasonable security procedures and practices. The Attorney General, on the other hand, may sue for any violation of the statute, including but not limited to consumer rights:

  • To know what categories of personal information will be collected by the entity and why/how the information will be used;
  • To access their personal information;
  • To obtain disclosures whether an entity sells personal information and to opt out of such sales;  and
  • To have their personal information deleted.

For-profit entities should expect to see Attorney General enforcement actions filed soon, especially considering that the Attorney General has indicated the coronavirus pandemic will not delay its enforcement plans. And for-profit entities should also continue to prepare for consumer-led CCPA lawsuits like the already-filed Hanna Andersson litigation.

Attorneys from McDonald Hopkins’ national Data Privacy and Cybersecurity Practice Group are available to assist business organizations with CCPA compliance and privacy-related litigation.

+