While the landmark California Consumer Privacy Act (CCPA) applies to many California-based businesses, non-California based entities without any physical presence in the state may also fall under its ambit.
Any for-profit entity in the United States that collects personal information of residents of California should ask itself these questions:
- My business is not based in California. Does the law apply to me?
- What types of personal information does my business collect? Where do we collect it and how do we use it?
- What requirements of the law apply to my business, and am I prepared to fulfill those obligations, including fulfilling consumer requests?
- Has my company updated its privacy policy as required by the CCPA?
- Has my company updated its contracts with vendors and others to account for the CCPA?
Separately, some portions of the CCPA may apply to other entities that process information on behalf of other businesses regardless of whether they are physically located in California or not.
The substantive rights conferred by the law went in effect on January 1, 2020, and California Attorney General (AG) enforcement actions will begin July 1, 2020.
On February 11, we will be offering a complimentary 60-minute webinar on the CCPA and we will focus on the following topics:
- Does the CCPA apply to me and my business?
- What rights do consumers have now that CCPA is in effect?
- What does CCPA require of companies nationwide, regardless of location of their headquarters?
- What could regulatory enforcement actions brought by the California AG look like?