The California Consumer Privacy Act of 2018 (“CCPA”) was designed to emulate the European General Data Protection Regulation (“GDPR”) in many respects. As a result, United States companies that thought they were not subject to the GDPR are now laser focused on the requirements of the CCPA and rushing to verify that their practices comply with the statute. While the CCPA was drafted with an eye towards the GDPR, it also differs from that regulation in many respects. As a result, companies that just finished their push to come into compliance with the GDPR now also must redirect their attention toward the CCPA.
The CCPA is arguably the most comprehensive - and complex - data privacy regulation in the United States. It may also be one of the most hastily put together pieces of privacy legislation in recent history. Governor Brown approved this week the California legislature’s first pass at fixing some of the statutory problems with the Act.
To help companies understand what the Act (as amended) requires the Bryan Cave Leighton Paisner Data Privacy and Security Team have published the definitive “Practical Guide” to the CCPA. Click here to view the guide.