What Is the CCPA and Why Should Litigators Care?

By Diana Iketani Iorlano, CIPP/E, CIPP/US, CIPM

Diana Iketani Iorlano is a privacy lawyer, business litigator, and outside general counsel to companies ranging from small businesses to large corporations. She is the Founder and Managing Attorney of Iketani Law in El Segundo and is a member of the Solo and Small Firm and Litigation Sections of CLA. Diana is a member of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional/ U.S. (CIPP/US), Certified Information Privacy Professional/ Europe (CIPP/E), and Certified Information Privacy Manager (CIPM).

In recent years, data privacy in the U.S. and California has gone from an "emerging" topic to a "mainstream" one. This is especially true with the passage of a new consumer privacy law called the California Consumer Privacy Act (CCPA; Civ. Code, § 1798.100 et seq.). Effective January 1, 2020, the goal of the CCPA is to enhance privacy rights and consumer protection for California residents. However, due to the state’s outsized influence as a technology hub and the world’s fifth largest economy, and because Congress to date has been unable to pass a comprehensive federal data protection law that would preempt California’s new law, the CCPA has become the de facto national data protection standard for almost any size company that collects data about consumers.

Similar to its European data privacy counterpart, the General Data Protection Regulation (GDPR), the CCPA has major financial and legal implications for companies that do business involving California residents, ranging from large technology and social media companies to Adtech and even to small and medium-sized businesses located both in and out of the state. Due to hastily drafted definitions, the CCPA emerges as simultaneously broader, yet more specific, than GDPR.