California’s New Privacy Law Has Teeth: Civil Penalties, a Private Right of Action for Consumers, Statutory Damages, and Voiding of Consumer Arbitration Agreements

Travis Brennan, Chair of Stradling’s Privacy & Data Security practice, and Katie Beaudin, an associate in the firm’s Business Litigation practice, authored an article regarding the California Consumer Privacy Act (“CCPA”), which is slated to take effect on January 1, 2020, for the ABTL Orange County Report Spring 2019 edition. Given the CCPA’s broad scope, vague terms, and a generous delegation of rule-making authority to the California Attorney General’s Office, companies need to begin preparing now for implementation. While not quite as ambitious as Europe’s GDPR, the CCPA, which established four basic privacy rights for California residents and consumers, imposes significant new data protection obligations on a wide swath of businesses and creates new penalties for data breaches. Read the full article below for an outline of the major changes the CCPA is introducing into the world of data privacy, observations about compliance, and to learn about the new and significant legal exposures for compliance failures.