CCPA QOTD: What are the penalties for non-compliance with the CCPA?

Mintz - Privacy & Cybersecurity Viewpoints


Unless you have been living off the grid for the past year, you likely know that we are now down to 8 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of questions and concerns from clients over the past few weeks as they prepare their compliance programs, and thought we would share a question of the day (QOTD).

One of the most frequently asked questions:

What are the penalties for non-compliance with the CCPA (or what happens if we drag our feet)?

The California Attorney General is responsible for enforcement of the CCPA. Section 1798.185(c) of the CCPA provides that the Attorney General cannot bring an action until six months after publication of the final regulations (which are still pending) or July 1, 2020, whichever is sooner. Attorney General Becerra has made it clear, however, that actions brought after July 1 may relate to conduct between January 1 and July 1, 2020. Civil penalties can range from $2,500 for a non-intentional violation to $7,500 for an intentional violation. A business is not liable if it cures any noncompliance “within 30 days after being notified of alleged noncompliance” (although some types of noncompliance – or a data breach – may not be capable of “cure”).

The CCPA also contains a private right of action that consumers can bring under certain circumstances if a business experiences a data breach. Importantly, the exemptions in the CCPA for personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), employee/applicant personal information, or personal information collected through business-to-business transactions and interactions do not exempt the covered business from the CCPA private right of action for data breaches.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
