CCPA Enforcement Begins July 1, 2020 – Violators Already Being Pursued

Financial institutions are down to one week left to update their privacy notices and privacy practices in order to comply with the California Consumer Privacy Act. The CCPA will be enforced by California’s Attorney General starting July 1, 2020 following six months of breathing room since the law took effect January 1, 2020. In addition to the enforcement by California’s AG, private actions for CCPA violations have already been filed against a number of companies – signifying that the law has teeth and noncompliance is being pursued aggressively.

In a previous blog post, we identified the various requirements imposed by the CCPA, many of which are similar to data protections for individuals under the GDPR. Noncompliance can result in a penalty of up to $2,500 per violation ($7,500 per violation if deemed intentional), which can quickly rack up given the number of California clients a financial institution may have.

Final regulations implementing the CCPA were published June 1, 2020 and are available here.

At CSS, we are receiving inquiries from financial firms looking to update their privacy notices ahead of the enforcement date. If you would like assistance in reviewing your privacy practices for CCPA or conducting a data classification assessment, or to inquire about any of our cybersecurity service offerings, please contact our experts at:

Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content