The California Consumer Privacy Act (CCPA): Regulatory Trends and Challenges Explored
The California Consumer Privacy Act (CCPA) significantly reshaped privacy laws, creating a profound impact on California-based companies and consumers. Since its enactment, businesses have been faced with increased challenges and compliance hurdles and its effect will be further felt as revisions to the existing regulations are still possible.
While the release of the final regulations is still uncertain, businesses must be up-to-date and well-versed with the regulatory developments in the CCPA. They must also be proactive in reviewing their company practices and policies to ensure compliance and avoid legal liabilities and sanctions.
The Knowledge Group has assembled a panel of key thought leaders and practitioners to provide the audience with an in-depth discussion of the current and emerging regulatory developments in the CCPA. Speakers, among other things, will present implications and drawbacks and offer best compliance practices in this rapidly evolving legal climate.
This LIVE Webcast will discuss the following key provisions:
- Regulatory Updates on Proposed CCPA Regulations
- New Consumer Privacy Rights
- Demystifying Implications
- Risk Issues and Challenges
- Best Compliance Practices
Jana Terry, JD, CIPP/US, Partner
Beckstead Terry PLLC
CCPA Regulatory Update: As the CCPA regulations are on the verge of becoming final, companies are now better able to determine the specifics of compliance. We will cover the highlights:
- How to comply with notice obligations
- Notice at collection
- Notice of right to opt-out of sale of PI
- Notice of financial incentive
- How to respond to consumer CCPA requests (to opt out, for categories of PI, for specific pieces of PI, and to delete)
- Verification procedures
- Response deadlines
- Options for substantive responses
Mary Jane Wilson-Bilik, Partner
Eversheds Sutherland (US) LLP
- Changes to the CCPA are on the horizon: the CPRA initiative. In November 2020, Californians are expected to approve a ballot initiative, the California Privacy Rights Act (CPRA). This initiative will significantly amend the CCPA, adding new consumer rights and requiring businesses to implement these new rights, modify their contracts and amend their privacy policies.
- Highlights of the CPRA: We will discuss several aspects of the CPRA, including
- the new consumer right to correct their personal information
- the concept of “sensitive personal information” and consumers’ right to limits its use and disclosure
- consumers’ right to opt-out of selling and sharing their personal information
- new contract requirements impacting all entities that receive personal information
- new limitations on cross-contextual advertising, automated decision-making (AI) and profiling
- the authority of California’s new privacy agency, the California Privacy Protection Agency (CCPA).
Kenneth K. Dort, Partner
Faegre Drinker Biddle & Reath LLP
- “Reasonable security procedures and practices” under the CCPA – what is a reasonable security procedure and practice for purposes of the private right of action for data breaches in the CCPA era as noted in Section 1798.150? We will take a look at the GDPR, NIST, and the CIS for insights on what protocols companies should be considering, as well as what recent litigation may be signaling on this front.
- Data breaches under the CCPA – what triggers has the CCPA imposed to permit private rights of action arising from data breaches? How has the CCPA incorporated the current CA breach notification provisions in Section 1798,81.5 on this front, and what should companies incurring a breach involving CA residents be thinking about to address the exposure created by the CCPA in the data breach context. What should companies be concerned about now? Does the CCPA affect how breach notification efforts towards CA residents should be conducted?
Charumati Ganesh, CIPP/US, Associate
- Private right of action & increased litigation – Consumers may sue businesses for statutory damages when specified types of personal information are subject to unauthorized access and exfiltration, theft, or disclosure because of a failure to implement and maintain “reasonable” security measures and the business has not cured the alleged violation within the CCPA's pre-suit period. See Cal. Civ. Code § 1798.150.
- Plaintiffs don't need to show actual harm.
- Liability could be enormous; for example, for Equifax, statutory damages of $100 – 750 per customer per incident would have translated to $1.5 to $11.25 billion in liability for its breach, which involved over 15 million California residents.
- Though this only applies to data breaches, consumers have already attempted many times to bring CCPA claims alleging failure to comply (e.g. recent Zoom class actions) and have cited the CCPA in connection with different violations (e.g. California Unfair Competition law)
Who Should Attend:
- Privacy/Data Protection Officers
- Information Security Directors
- Chief Information Security Officers
- Chief Technology Officers
- Chief Information Officers
- Risk and Compliance Officers
- Marketing Executives
- C-Level Executives
- In-House/General Counsels
MJ received her doctorate in political science from Columbia University and her J.D., magna cum laude, from the Georgetown University Law Center.
Mary Jane (MJ) Wilson-Bilik is a Privacy and Cybersecurity law partner at Eversheds-Sutherland (US). For more than 25 years, MJ …
Kenneth Dort is a preeminent resource on mission-critical data security issues and is consulted often for immediate counsel on high-stakes data breaches, as well as for guidance and strategy on the privacy and other legal implications of new technologies. Ken is CIPP/US, CIPP/E and CIPP/C certified and is a recognized adviser to clients around the world on data security and privacy practices and compliance needs arising under federal, state, provincial and international laws and industry standards. He also is a powerful litigator in the courtroom, a deft negotiator with regulators and a valued counselor on software development and integration.
Kenneth Dort is a preeminent resource on mission-critical data security issues and is consulted often for immediate counsel on high-stakes …
Jana Terry is a privacy and compliance partner with Beckstead Terry PLLC, a boutique business and employment law firm in Austin, Texas. Building on a 20-year background in commercial litigation, Jana now focuses her law practice on data privacy and security laws (including GDPR and CCPA), data breach and incident response planning, workplace ethics and privacy matters, and internal investigations. Jana is a Certified Information Privacy Professional (CIPP/US), a Certified Compliance & Ethics Professional (CCEP-US), and a Certified Fraud Examiner (CFE). Jana is honored to have been selected for the Texas Super Lawyers list every year since 2015. In 2019 & 2020, she was also selected by Austin Monthly as a "Top Austin Attorney" in the Business Law category.
Jana Terry is a privacy and compliance partner with Beckstead Terry PLLC, a boutique business and employment law firm in …
Charu is a data privacy and cybersecurity attorney in the Grand Rapids office of Varnum LLP. Charu holds a CIPP/US certification and represents clients in a number of industries, including autonomous and connected vehicles and the consumer data marketplace. Charu is able to skillfully navigate the intricacies of the rapidly-evolving data privacy and cybersecurity regulatory landscape and help her clients develop policies and procedures that comply with both international and domestic privacy laws.
Charu has represented clients in the insurance, manufacturing and agricultural industries through regulatory enforcement actions and consumer tort litigation. Charu has also counseled global corporations through data breaches and helped them develop response plans that minimize their risk of liability.
Charu is a data privacy and cybersecurity attorney in the Grand Rapids office of Varnum LLP. Charu holds a CIPP/US …
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE)
NY Category of CLE Credit:
Areas of Professional Practice
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About Eversheds Sutherland (US) LLP
As a global top 15 law practice with 69 offices across 34 countries worldwide, Eversheds Sutherland provides legal advice and solutions to a global client base that includes some of the world’s largest multinationals. Our teams of lawyers around the world operate seamlessly to deliver the legal know-how and strategic alignment that clients need from their advisers to help them further their business interests. As privacy and data protection laws put increasing regulatory and commercial pressure on how companies gather, use and share information, our substantial international team of over 110 data privacy and cybersecurity experts advises our clients on global and national data needs.
For more information, including our locations in Atlanta, Austin, Chicago, Geneva, Houston, London, New York, Sacramento, San Diego and Washington, DC, please visit www.us.eversheds-sutherland.com
About Faegre Drinker Biddle & Reath LLP
Faegre Drinker is a top 50 firm designed for clients. We opened our doors on February 1, 2020, uniting Faegre Baker Daniels and Drinker Biddle & Reath, two firms known for exceptional legal and consulting capabilities and a commitment to service excellence. Clients are at the start — and the heart — of everything we do. With more than 1,300 experienced attorneys, consultants and professionals in 22 locations across the United States, United Kingdom and China, we have the strength to solve your most complex transactional, litigation and regulatory challenges wherever you need us. We partner with clients ranging from emerging startups to multinational corporations, delivering comprehensive and customized advice that advances your most ambitious business objectives. Our culture is firmly rooted in relentless client focus and mutual trust that empowers collaboration. We listen to understand your priorities and pressure points. We bring you fresh ideas that work. And we deliver excellence — without arrogance. We are committed to our communities and to building a diverse and inclusive firm that reflects those communities and our clients. Bolstered by our collective history, Faegre Drinker moves boldly into the future, investing in talent, technology and innovation to continually provide clients with exceptional service, collaborative experiences, innovative approaches and value.
About Beckstead Terry PLLC
Beckstead Terry PLLC is a boutique business law firm in Austin, Texas. We handle employment, data privacy, compliance and corporate ethics matters. Prior to founding Beckstead Terry 6 years ago, our partners practiced for many years with two of the nation’s largest law firms. Now we combine our decades of large law firm experience with lightning-fast responsiveness and a nimble, tech-savvy platform that maximizes efficiency and client service. Our clients range from start-ups to the Fortune 500. Our attorneys are licensed in both Texas and California. Our partners have been listed as either “Rising Stars” or “Super Lawyers” in Texas every year since 2015. We are also honored to have been named as Top Attorneys in Austin (for both 2019 and 2020 in the categories of Labor & Employment and Business Law).
About Varnum LLP
Varnum LLP is a leading Michigan law firm providing a broad range of legal services to meet the complex needs of its clients. For more than 130 years, clients have trusted Varnum for excellence, innovation and superior results in the delivery of legal services. With more than 180 attorneys in eight offices, Varnum serves as counsel to growing businesses and institutions throughout Michigan, the Midwest and nationally.