Print PDF
California AG Announces CCPA Investigative Sweep
,

In advance of International Data Privacy Day, California Attorney General Rob Bonta announced on January 27, 2023, that his office had initiated an “investigative sweep” of businesses that may not be complying with the California Consumer Privacy Act (CCPA). According to the announcement, the investigation is focused on 1) retail, travel, and food service apps that either do not honor consumer opt-out requests or do not provide the appropriate mechanisms for consumers to stop the sale of their data; and 2) businesses that fail to process consumer requests submitted via an authorized agent.

In light of AG Bonta’s announcement, companies doing business in California may want to re-assess whether they are subject to the CCPA, including the provisions of that law that have been amended by the California Privacy Rights Act (CPRA), and whether their policies and practices comply with the law. Indeed, with the CPRA having taken effect on January 1, 2023, covered businesses should understand that the scope of the CCPA is now much broader than before. For example, the CPRA gave consumers additional rights (e.g., the right to correct and the right to opt-out of sharing), removed exemptions for certain categories of personal information (e.g., business-to-business data and employment-related data), and imposed additional requirements on covered businesses.

The CPRA also created the California Privacy Protection Agency (CPPA), a new regulatory body dedicated exclusively to privacy regulation. The CPPA will have full administrative-enforcement authority over the CCPA as of July 1, 2023, and the agency has been actively engaged in rulemaking activity since its creation. Coincidentally, the CPPA published additional rulemaking materials last week and is likely to undertake significant enforcement efforts in the second half of this year. Now is therefore an opportune time for covered businesses to review their compliance efforts and prepare for any regulatory changes that may be coming.

Please contact Patrick Emerson McCormick, CIPP/US or another member of Lewis Roca’s Data Protection and Cybersecurity team for more information about the CCPA/CPRA and other state privacy and cybersecurity laws that may affect your organization.

Tags: Data Privacy and Cybersecurity
  • John C. Gray, CIPP/US
    Of Counsel

    John Gray is Of Counsel in Lewis Roca’s Litigation Practice Group and leads the firm’s Data Privacy and Cybersecurity Group.  He is also a member of the firm’s AI Task Force.

    As a litigator, John has more than a decade of experience in Arizona, California, and other forums across the ...

  • Patrick Emerson McCormick, CIPP/US
    Associate

    Patrick is an associate in the firm's Litigation, Data Privacy and Cybersecurity, and eDiscovery Practice Groups. Patrick is a Certified Information Privacy Professional (CIPP/US) and assists clients on all aspects of data privacy and cybersecurity compliance and response, from ...

About This Blog

Lewis Roca is immersed in your industry and invested in your success. We share insights and trends that can affect your business.

Search

Topics

Archives

Authors

Recent Posts

Jump to Page

How Can We
Help You?

By using this site, you agree to our updated Privacy Policy and our Terms of Use.