Headlines in the last week featured the failure of California's Senate Bill 561 in the fiscal committee - a welcome win for businesses subject to the CCPA. The bill would have amended the CCPA to expand the private right of action and eliminate the 30-day "grace period" during which businesses have the opportunity to "cure" violations. But even in light of the failure of Senate Bill 561, businesses should not minimize or delay their efforts as they relate to CCPA compliance. While the potential for expansion of the private right of action has stalled, the penalties currently allowed in the CCPA are significant enough to warrant concern from businesses subject to the regulation.
"The CCPA still allows the Attorney General's office to seek $2,500 per 'violation' and $7,500 per each intentional violation. If those amounts are applied on a per consumer or per day basis, the potential damages could be substantial." - David Stauss, Husch Blackwell
Senator Hannah-Beth Jackson has expressed her commitment to ensuring the protection of Californians' fundamental right to privacy despite the failure of this particular amendment, which she introduced with the Attorney General's support back in February.
“ Even if we look only at the dollar amounts now involved, the CCPA represents a dramatic escalation in data privacy and security risk posed both by potential enforcement actions and private lawsuits. ” - Brandon Reilly, Manatt
If you have employees in California, they are part of your risk profile. The current scope of CCPA is not limited to only customers. It grants current employees, past employees, and job candidates that you didn’t hire that are California residents the same rights as customers.
“While use of the term ‘consumer’ may suggest a particular type of relationship, the term is defined broadly to include any California resident and as a result, in its current form the CCPA also will apply to information collected by covered businesses about their California employees.” Hunton Andrews Kurth
When considering your potential exposure under CCPA, it’s important to consider all of the “consumers” whose data you maintain California residents who are customers, employees, employees’ dependents, job applicants, volunteers, independent contractors, etc. We developed a simple tool to calculate what your potential exposure might be under CCPA.
For over 30 years, Jordan Lawrence has been helping companies manage their information compliantly, defensibly and cost effectively. We work with the world’s leading organizations to ensure they meet their obligations, mitigate risks, and reduce the costs of overall information compliance and control. To learn more about how we're helping companies prepare for CCPA, schedule a call.