pdf

California Attorney General Notifies California Consumers of Their Rights Under the California Consumer Privacy Act

January 8, 2020

On January 6, 2020, California Attorney General Xavier Becerra issued an advisory to California consumers notifying them of the California Consumer Privacy Act’s (CCPA) new data privacy rights. The advisory details the rights granted under the new law and emphasizes that businesses must comply with the law as of its effective date, January 1, 2020. The advisory further advises that businesses are required to implement and maintain reasonable security procedures and practices to protect consumers’ personal information and that the CCPA authorizes consumers to institute a civil action if certain personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, such as a person’s name plus their social security number, is subject to an unauthorized breach as a result of a business’s failure to reasonably secure this data. The advisory also provides consumers an online form and toll-free number for CCPA-related complaints to the Attorney General.

The advisory includes a reminder that data brokers are now required to register with the Attorney General and provides a registration link. The data broker requirement applies to businesses subject to the CCPA that knowingly collect and sell the personal information of a consumer with whom the business does not have a direct relationship to third parties. It does not apply to: (1) a consumer reporting agency covered by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.); (2) a financial institution covered by the Gramm-Leach-Bliley Act (Public Law 106-102) and implementing regulations; or (3) an entity covered by the Insurance Information and Privacy Protection Act (Article 6.6 (commencing with Section 1791) of Chapter 1 of Part 2 of Division 1 of the Insurance Code).

This advisory comes on the heels of several public statements by Attorney General Becerra that the Attorney General’s Office will actively enforce the law and provides confirmation that companies subject to the CCPA may face serious consequences in the event of consumer complaints.

O’Melveny’s Data Security and Privacy team helps affected companies comply with the CCPA. Our CCPA Toolkit explains the law’s requirements, can help you make an initial assessment as to whether your company is affected by the CCPA, and lays out eight steps you can take to comply with the CCPA. Our lawyers also can provide specific counseling on the application of the law to your company.


This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Steve Bunnell, an O’Melveny partner licensed to practice law in the District of Columbia, Lisa Monaco, an O’Melveny partner licensed to practice law in New York, Randall W. Edwards, an O’Melveny partner licensed to practice law in California, Daniel R. Suvor, an O’Melveny partner licensed to practice law in California, and Scott W. Pink, an O’Melveny special counsel licensed to practice law in California and Illinois, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2020 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.