News 11 Oct. 2023
Curtis Team Instrumental in Shareholder Approval of a New Multilateral Treaty to Transform Pan-African Housing Finance Institution Shelter Afrique into a Development Bank
Event 23 Aug. 2023
Partner Borzu Sabahi Speaks at the 52nd IDRI Professional Accreditation & Membership Programme
Event 18 Aug. 2023
Partner Borzu Sabahi Speaks at FDI Moot Shenzhen
News 25 Jul. 2023
Partner Eric Gilioli Ranked in Top 10 Influential Energy & Natural Resources Lawyers in Kazakhstan in Business Today
Article 22 Aug. 2023
Fuad Zarbiyev Publishes Article in Journal of International Economic Law
Client Alert 14 Aug. 2023
The EU’s Market in Crypto Assets (MiCA) Regulation: The Highlights
Event 22 Aug. 2023
Partner Dr. Claudia Frutos-Peterson to Speak at Arbitration and ADR Commission of the ICC Mexico
Event 11 Jul. 2023
Partner Elisa Botero Speaks on the Role of the ICC in Investment Disputes
News 15 Aug. 2023
Legal Reader Publishes Article on Dr. Majed Alotaibi’s Arrival as Senior Counsel in Curtis’ Riyadh Office
News 31 Jul. 2023
Curtis Welcomes Senior Saudi Advisor, Dr. Majed Alotaibi, to its Riyadh Office
News 24 Aug. 2023
Curtis Attorneys Quoted in CoinDesk on FTX Founder Sam Bankman-Fried’s Strategy Ahead of His Criminal Trial
News 06 Mar. 2023
Russia Sanctions at the First Anniversary: An Overview of Current Sanctions in the US, UK, and EU and How Global Companies Can Navigate Evolving and Conflicting Sanctions Regimes
Client Alert 30 Aug. 2022
The EU Adopts the “Maintenance and Alignment” Sanctions Package
Client Alert 24 Jun. 2021
Update on Virtual Notarization (Executive Order 202.7) During the COVID-19 (Coronavirus) Pandemic (Updated: June 24, 2021) — U.S. Insight
Update on Virtual Witnessing (New York Executive Order 202.14) During The COVID-19 (Coronavirus) Pandemic (Updated: June 24, 2021) — U.S. Insight
Client Alert 16 Oct. 2019
Cybersecurity and Privacy Alert
The California Consumer Privacy Act (“CCPA”), the most expansive data privacy law passed in the United States to date, takes effect on January 1, 2020.
With this deadline fast approaching, businesses must act now to ensure timely compliance with the CCPA and to avoid potentially severe financial penalties. We provide the following list of action items to assist businesses in getting started with their compliance efforts.
Determine whether you are affected by the CCPA
The CCPA applies to any for-profit entity that:
Audit the personal information you collect, store, and sell
Under the CCPA, a business must take stock of the personal information it collects, stores, and sells. The CCPA’s definition of “personal information” is extremely comprehensive – it includes any “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” A “sale” is also broadly defined under the CCPA, covering any disclosure of data to a third party for “monetary or other valuable consideration.”
Assess your data security practices
Under the CCPA, Consumers whose personal information is subject to a security breach, as a result of a business’s failure to provide “reasonable security,” may have a private right of action against the business, which could result in statutory damages up to $750 for each affected Consumer.
Implement a system for responding to Consumers’ CCPA requests
Under the CCPA, Consumers have the right to access, and request the deletion of, the personal information a business has collected about them. Businesses must make available at least two methods for Consumers to submit requests, including a toll-free telephone number and a website address (if the business has a website), unless the business operates exclusively online and has a direct relationship with Consumers, in which case it need only provide an email address for submitting requests. In responding to requests, businesses must be able to verify that the request came from the Consumer about whom the personal information relates, or from a person authorized to act on the Consumer’s behalf. In addition, if a business sells Consumers’ personal information, it must provide a link on its website homepage labeled “Do Not Sell My Personal Information” to enable Consumers to opt out of the sale of their personal information at any time.
Review vendor contracts
In order totake advantage of the CCPA’s exceptions related to the sharing of personal information with service providers and third parties, businesses should review (and potentially revise) their vendor contracts.
Remember that GDPR compliance is not enough
Businesses can leverage their existing compliance programs for the EU’s General Data Protection Regulation (“GDPR”), as the GDPR and CCPA share some key similarities, but compliance with the GDPR does not equate to compliance with the CCPA.
Stay tuned for more CCPA developments
Even upon the publishing of this Alert, the CCPA continues to be shaped through legislative amendments and proposed regulations from the California attorney general, with additional changes likely on the horizon before the CCPA takes effect at the end of the year.
To discuss how to ensure that your business is compliant with the CCPA, please get in touch with your usual Curtis contact, or the attorneys linked in the sidebar.
Attorney advertising. The material contained in this Client Alert is only a general review of the subjects covered and does not constitute legal advice. No legal or business decision should be based on its contents.
Data Protection and Privacy Law
Jonathan J. Walsh
+1 212 696 6000
News 29 Nov. 2023
Partner Dr. Alexandra G. Maier Wins the 2024 Lexology Client Choice Award for the Mining Experts Category
Event 20 Nov. 2023
Mohannad A. El Murtadi to Moderate a Panel on New York’s First Africa Arbitration Day
Event 15 Nov. 2023
Fernando Tupa Speaks on Latin America Perspectives on Investor-State Dispute Resolution at Columbia University