The lingering COVID-19 pandemic has driven many businesses to reimagine how both their workforce and consumers will interface in the future. For employees, working from home has presented new challenges and opportunities. Time previously spent commuting is saved, while communal areas of the home have been re-purposed into makeshift office space, and the daily wardrobe is dictated by scheduled video-conferences. For consumers, the slow migration away from brick and mortar stores has become a sprint, largely mandated by local health orders closing stores. Even stores that remained “open” have implemented online or remote/physically distanced measures to connect with consumers. Buying groceries, clothing, food for delivery, and even dating and other social interactions have moved almost entirely online. As daily “living” moves online individual privacy rights have garnered more attention, including from legislators.

California was one of the first states to enact privacy protections for consumers, specifically the California Consumer Privacy Act (CCPA). The CCPA went into effect on Jan. 1, and granted consumers rights in their specific personal information and a private right of action for breaches of defined personal information. Further, on July 1, the California Attorney General began the public enforcement of the privacy rights of Californians. Penalties for violating the CCPA are steep; up to $2,500 per violation or $7,500 per intentional violation. These “per violation” penalties when considered against the backdrop of websites that receive hundreds, if not thousands, of unique daily users are a sober reminder of the seriousness of the CCPA. Already, a wave of class actions has been filed in California against many businesses that have become synonymous with the COVID-19 pandemic—and more are coming each week.