Carlton Fields Launches Toolkit to Streamline Compliance with New California Privacy Law

Cybersecurity and Privacy   |   October 31, 2019
Share Share Page

Carlton Fields has announced that it is providing companies that do business in California with an interactive assessment toolkit to help with California Consumer Privacy Act (CCPA) compliance. The CCPA Toolkit, created by the firm’s Cybersecurity and Privacy Practice, will allow businesses to determine if the CCPA applies to them, assess their current readiness, and begin the process of developing a compliance program. 

On January 1, 2020, California will become the first U.S. state to grant consumers extensive rights to access their personal information and to find out how businesses are handling it. The groundbreaking legislation — which also regulates how businesses collect, use, and transfer personal data — may be a boon for consumer protection, but it will present businesses with significant compliance hurdles and potential liabilities.

The CCPA Toolkit directly addresses that challenge, allowing companies to conduct critical self-assessments and connecting them with attorneys who can further shepherd them through the transition. It is an easy-to-use application, requiring users to answer only a few simple questions about their business and its connections to California and its residents.

“The CCPA grants California consumers more authority over their personal information held by businesses than ever before,” said Carlton Fields’ Cybersecurity and Privacy Chair Joe Swanson. “Preparing for the law is no small task by any means. Our Toolkit is designed to ease the more labor-intensive aspects of their CCPA preparations.”

In addition to the basics about the CCPA, Toolkit users that are subject to the law can receive a deeper analysis of how personal information is categorized (initial data mapping) as well as guidance on consumer rights and business requirements, potential exceptions to CCPA, website and privacy policies, the handling of information requests from consumers, and anti-discrimination guidelines.

Customized reports based on user responses are provided to each user. They include a tailored checklist of compliance action items that may need to be considered and reviewed with legal counsel. 

Companies to which the CCPA does not apply receive a more limited report with information about the CCPA and why it likely does not apply to them. 

The Toolkit will be of great use — not just to California-based businesses — but to U.S. and foreign companies of all sizes that operate in the state or broker information there. If subject to the CCPA, they must be able to respond to consumer requests for information about what personal information their business collects and whether the business sells that information. They must also delete the consumer’s personal information if requested to do so. 

Penalties for non-compliance are severe. Failure to implement reasonable security measures that lead to a data breach could result in a private right of action with statutory damages of $100 to $750 per consumer per incident. The California Attorney General may also pursue enforcement actions for violations of the law.

Along with the CCPA Toolkit, Carlton Fields offers an e-book titled California Consumer Privacy Act: A Reference Guide for Compliance as well as a CyberAPP available on iTunes and Google Play. These CCPA resources follow on the heels of the successful launch of the firm’s GDPR Assessment App, a resource for companies affected by the European Union’s General Data Protection Regulation.

“At Carlton Fields, we take a great deal of pride in the trailblazing work, and the valuable resources, that we provide in the area of data privacy and cybersecurity,” said Steven Blickensderfer, who focuses his practice on privacy and legal issues in technology. “The legal and technological landscapes are shifting on a daily basis. In this environment, law firms and their lawyers must be educators as well as practitioners.”

Subscribe to Publications

Media Inquiries

Contact the Media Team


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.