The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) radically changed privacy and data protection in the United States by providing consumers with expansive privacy rights and more control over the personal information that businesses collect about them, added new responsibilities for business and service providers, and created a new state agency, the California Privacy Protection Agency to handle enforcement. Every company with a California nexus will need to evaluate and implement changes across business lines to comply with the CCPA and CPRA.
We can also help you closely monitor similar laws and regulations enacted in other states (and countries), including the Virginia’s Consumer Data Protection Act (CDPA) and the General Data Protection Regulation (GDPR), ensuring that the privacy compliance program developed addresses any potential impact of the changing legal and regulatory landscape.
From project scoping and planning, auditing and data mapping, to drafting, implementation and training on new compliance processes and documents, Reed Smith can help guide you through these challenges and leverage a wealth of best practices, tools and lessons learned from the countless projects we have undertaken for clients in implementing the new requirements ushered in by new privacy laws and regulations. We can help evaluate whether there is a sale of data under the CCPA, and review and update vendor agreements to address the requirements of CCPA for “service providers.”
Our data privacy and security lawyers are working on CCPA, CPRA and CDPA implementation projects of all shapes and sizes – so we can work with your IT, HR, marketing, and legal teams to develop the right strategy to meet your business objectives while mitigating legal and compliance risks. We also understand that there are unique challenges for each industry, and have teams of lawyers focused on regulatory issues and best practices in each major industry.