California Consumer Privacy Act

Blog Post Authors: John Roberts (; Alec Berin (

As discussed in a prior entry, the California Consumer Privacy Act (“CCPA”) was set to go into effect beginning January 1, 2020 (  California Attorney General, Xavier Becerra, recently issued an advisory for California consumers highlighting their new rights.  The new advisory specifically identifies the following rights:

  • Right to know – Consumers may request that businesses disclose what personal information they collect use, share or sell, in both categories and specific pieces of information;
  • Right to delete –Consumers may request that a business delete the consumer’s personal information held by both the business and, by extension, the business’s service providers;
  • Right to opt-out — Consumers may direct a business to cease the sale of their personal information. As required by the CCPA, businesses must now provide a “Do Not Sell” informational link on their websites or mobile apps;
  • Rights for minors regarding opt-in consent — Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13; and
  • Right to non-discrimination — Businesses may not discriminate against consumers, in terms of price or service, when a consumer exercises a privacy right under the CCPA.

Consumers also have the right to bring a civil action if their personal information is released as a result of the breach of a company’s database in instances where the company has failed to reasonably secure that data, from $100 to $750 per incident.  This right of action is especially significant now, as the California Attorney General has said that his office will not begin enforcing the law until July 1, 2020.  So, if your personal information has been compromised as a result of a data breach and you are not satisfied with the company’s response, you may have recourse rather than waiting for the California Attorney General to act.

Not all California businesses are subject to the CCPA.  The CCPA only applies to businesses that:

  1. Have a gross annual revenue of more than $25 million;
  2. Buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices; or
  3. Earn 50% of more of its annual revenues from selling consumers’ personal information.

The legal team at Shepherd, Finkelman, Miller & Shah, LLP (“SFMS”) has significant experience litigating privacy and class action matters. If you have any questions regarding this subject or this posting, please contact John Roberts ( or Alec Berin ( We can also be reached toll-free at  877-891-9880.

SFMS is a law firm with offices in California, Connecticut, Florida, New Jersey, New York, and Pennsylvania. SFMS is an active member of International Advisory Group (, which provides us with the ability to provide our clients with access to excellent legal and accounting resources throughout the globe. For more information about our firm, please visit us at

A Message to Our Clients About Coronavirus COVID-19:

A Message to Our Clients About Coronavirus COVID-19

At Shepherd, Finkelman, Miller & Shah, LLP, we view the safety and well-being of our clients, staff and business partners as our highest priority.

The situation regarding the COVID-19 virus is continually changing, and we are following all recommended guidelines to stay healthy. As a result, our lawyers and staff are working remotely in accordance with the CDC's recommendations. We continue to work for all of our clients and are happy to arrange for phone or video consultations. We are also able to exchange documents via secure drives or email.

Please contact us online or call 866-540-5505 with any questions.

Thank you and take care.