The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) radically changed privacy and data protection in the United States by providing consumers with expansive privacy rights and more control over the personal information that businesses collect about them, added new responsibilities for business and service providers, and created a new state agency, the California Privacy Protection Agency to handle enforcement. Every company with a California nexus will need to evaluate and implement changes across business lines to comply with the CCPA and CPRA.
We can also help you closely monitor similar laws and regulations enacted in other states (and countries), including the Virginia’s Consumer Data Protection Act (CDPA) and the General Data Protection Regulation (GDPR), ensuring that the privacy compliance program developed addresses any potential impact of the changing legal and regulatory landscape.
Consumer confidence and safety concerns over personal data related to technologies and digital products increasingly result in investigations by regulatory authorities, consumer class and collective actions, and securities and derivatives litigation. Through our compliance and risk management counseling, we work with clients to minimize their risk of becoming the target of investigations. In addition, we have had great success assisting clients in resolving government inquiries and investigations before they become litigation. We also counsel on federal, US State, UK and EU privacy-related legislation and rulemakings, including self-regulatory efforts to develop and implement new standards and best practices.
With increased enforcement efforts by state attorneys general (AGs) on a wide variety of issues and industries, it is important that corporations are proactive in building bridges with AG offices with the goal of effectively and efficiently resolving problems before they become an issue for the business.