The California Consumer Privacy Act: Preparing for Compliance

The California Consumer Privacy Act: Preparing for Compliance

May 9, 2019

Signed on June 28, 2018, amended in September, and going into effect January 1, 2020, the California Consumer Privacy Act (CCPA) will provide millions of customers that reside in California with greater control over what personal information companies collect, how companies intend to use that information, and what third parties can access that information.

Broad in its scope and application, CCPA applies to all companies that do business in California and:

  1. have over $25 million in annual revenue; or
  2. buy, sell, receive, or share personal information of over 50,000 consumers; or
  3. make more than 50 percent of your revenue from selling consumers’ information.

After January 1, 2020, the California Attorney General can seek civil penalties of not more than $2,500 per violation, or up to $7,500 per intentional violation. The CCPA also provides for a private right of action, opening thousands of companies up to additional potential exposure.

Further, the landmark piece of cyber and data privacy legislation is likely to serve as a template for similar statutory and regulatory changes in other states, and potentially even at the federal level.

Goldberg Segalla’s Cybersecurity and Data Privacy Practice Group has created a CCPA Fact Sheet, covering thresholds, dates, penalties, obligations, and pathways to compliance.

For more information on options and obligations under the CCPA, or to discuss how Goldberg Segalla can help you achieve compliance, please contact Cybersecurity and Data Privacy Practice Group Chair Marc S. Voses at 646.292.8720 or