CCPA Compliance

The California Consumer Privacy Act (CCPA) went into effect in 2020, making California the first U.S. state to enact a privacy law as stringent as the European Union's General Data Protection Regulation (GDPR). The CCPA was created to strengthen the existing privacy rights of California residents and establish new protections. Under the CCPA, California consumers have the right to:

• Know what personal information a business has collected about them
• Receive a copy of that information
• Request that the information be deleted
• Know if their information has been disclosed or sold, and to whom
• Refuse the sale or disclosure of their personal information
• Be notified when their data is being collected

The CCPA does not impact every company that does business in California. Instead, it applies to companies that meet one or more of the following conditions:

• Has an annual gross revenue of over $25 million
• Receives, buys, or sells information related to at least 50k consumers
• Earns more than half its annual revenue from the sale of consumers’ personal information

A business found in violation of the CCPA could be fined by the state attorney general’s office. Additionally, if personal consumer information is leaked in a data breach, a business could be sued for monetary damages.

If the CCPA applies to your business, you’ll need to update your privacy policies to comply, have a system in place to process data requests, and know how you’ll respond in the event of a data breach. At QuisLex, we draw on our expertise in regulatory compliance to evaluate existing policies and implement customized solutions to reduce your risk exposure. We can:

• Implement protocols to ensure CCPA compliance
• Conduct privacy assessments
• Respond to Data Subject Access Requests (DSARs)
• Draft and negotiate data processing agreements

Beyond the CCPA, we also manage compliance protocols for regulations such as GDPR, the Personal Information Protection Law (PIPL), and the Personal Information Protection and Electronic Documents Act (PIPEDA). With an in-house team of programmers and data scientists, we can advise our clients on different legal technology solutions to ensure your data collection processes comply with these laws.

Since 2004, QuisLex has worked to support in-house legal teams at global 100 law firms and large corporations around the world. Combining advanced technology capabilities with knowledge of data privacy laws in more than 30 domestic and international jurisdictions, we create sophisticated legal compliance solutions, always tailoring our efforts to our client’s needs.

Our goal is to help you meet the challenges of resource constraints and cost management while offering unparalleled outsourcing services for complex legal work. And with state-of-the-art security protections at our New York and India headquarters, you can rest assured that your data is safe. To learn more about QuisLex, contact us today.