In response to the recent wave of high-profile data breach incidents—including those experienced by Target, Equifax, Cambridge Analytica, and many others—the California state government has enacted what is, to date, the most groundbreaking privacy legislation in United States history. Known as the California Consumer Privacy Act of 2018 (CCPA), California’s new privacy regulation possesses the potential to cause a seismic shift in the landscape of data privacy law not just in California, but across the country.
Importantly, this new sweeping privacy legislation will impose a multitude of new, extremely demanding notice, disclosure, and consent requirements on a vast array of business entities that conduct operations and/or handle the personal information of California residents. Businesses who fall under the scope of the CCPA can expect the compliance process to be complex, just as many organizations have put the final touches on their compliance efforts with respect to the European Union’s own game-changing privacy law—General Data Protection Regulation (GDPR)—which took effect in May 2018.
