During a recent CLE presented by Natalya Northrip, Global Chief Privacy Officer at Arthur J. Gallagher & Co.; David Shonka, Partner at Redgrave LLP; Alex Pilmer, Partner at Kirkland & Ellis LLP; and Erin Plante, Director of Strategy & Consulting at Inventus, we learned a lot about the pending California Consumer Privacy Act – from what it covers (and what it doesn’t), who is subject to its regulations, what the consequences for noncompliance may entail, and some of the steps we should be taking to prepare. Read on below for some of our key takeaways.
Set to go into effect next month, the California Consumer Privacy Act (CCPA) will grant Californians the right to see what data a company holds on them. It has many similarities to the 2018 European General Data Protection Regulation (GDPR), which lets Europeans access and delete their data in many circumstances.
Even though the law is a California one, it affects every significant business that may hold the personal data of California residents – essentially extending to any medium to large-size company that has, does, or ever will do business in or sell products or services to citizens of California.