Skip to Search
Skip to Main Content
Main Content

 

News & Publications

 

Godfrey & Kahn Updates

 

Press Room

Announcement

The fight begins: amendments to the California Consumer Privacy Act

October 2, 2018

As you may have heard, the California Consumer Privacy Act (CCPA) — a broad data privacy law — was enacted on June 28, 2018, with an original enforcement date of Jan. 1, 2020. Now, lawmakers have already passed the first amendment to the CCPA (SB 1121) just three months after its enactment. Among the most notable changes is a new enforcement date of July 1, 2020, or six months after the publication of final regulations from the CA Attorney General, whichever is sooner.  

The CCPA currently imposes requirements on companies that (1) have an annual gross revenue of $25 million or more; (2) collect, share, or sell data of 50,000 California residents or more; or (3) derive at least 50 percent of their annual revenues from selling consumers’ personal information. Some of the CCPA’s requirements include providing particular notices to consumers about data collection, responding to consumer requests to access, deletion, or correction of their data, and implementing data security measures to safeguard consumers’ information.

The CCPA — often compared to the EU’s General Data Protection Regulation — was hastily passed this summer in an effort to defeat a more intensive data privacy ballot initiative. Due to the quick pace of passage, lawmakers anticipated that the law would require subsequent amendments prior to 2020. On Sept. 23, 2018, the governor of California signed SB 1121, the first amendment to the CCPA. 

While the delay of enforcement by the CA Attorney General is the most notable change for companies, the amendment included other changes. The amendment also clarified exemptions for data regulated by the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA). Another change removed the requirement that consumers notify the CA Attorney General’s office after filing a private action related to a data breach. 

During the amendment process, businesses, the Attorney General and consumer groups all weighed in on potential changes. An array of industry groups proposed substantial revisions to the law, but lawmakers did not include a majority of their proposed changes. The amount of lobbying both by consumer protection advocates and businesses on the first amendment signals that SB 1211 is likely just the beginning of changes to the CCPA. In the next year, lawmakers will likely consider a number of amendments to the law before its enforcement date. 

Regardless of future changes, companies subject to the law should start or continue working regularly towards compliance, including revising privacy policies and developing internal processes to handle consumer data requests. We will continue to monitor the CCPA through future revisions and provide updates.

If you have any questions about the CCPA and your company’s compliance requirements, please contact the Data Security & Privacy Practice Group at Godfrey & Kahn, S.C. 

 

Related Attorneys

Media Contact 

If you have a media request or need an attorney with particular knowledge for comment, please contact Susan Steberl, Director of Marketing, at 414.287.9556 or ssteberl@gklaw.com.

Subscribe.

Subscribe today to receive firm newsletters and blogs, client updates, seminar announcements, and more according to your preferences and areas of interest.

Recent Updates

Please wait while we gather your results.

Recent News

Please wait while we gather your results.

Disclaimer and Legal Notices

Copyright © 2018 Godfrey & Kahn, S.C.

Attorneys at Law - All rights reserved.

 

Client Login

 

top