Stubbs Alderton & Markiles attorneys Mallory Petroli and Heather Antoine were featured in the Daily Journal for their article "CCPA Enforcement and Final Regulations." Since the California Consumer Privacy Act went into effect on Jan. 1, many businesses have been eager to receive the promised accompanying regulations. Without the final version of regulations, varying interpretations of the CCPA, and the need to revise policies and procedures on a rolling basis, have been quite burdensome. But the wait is over.
To read the full article "CCPA Enforcement and Final Regulations” visit here.
Mallory Petroli is an Associate in the Firm’s Privacy & Data Security and Intellectual Property & Technology Transactions practice groups. Mallory’s practice focuses on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. She focuses on these issues in the context of: (i) advisory matters, such as new privacy and security laws and regulations around the globe (e.g. GDPR, CCPA, COPPA, PIPEDA, GLBA and others) including the enforcement of foreign judgments, as well as (ii) domestic and international technology transactions related to IoT, blockchain, mobile, cloud, data monetization, and other initiatives, including mergers & acquisitions, sourcing, distributor, business partner, and other third party arrangements. Mallory also counsels companies in crisis matters, such as data security events, regulatory and governmental inquiries related to privacy and security issues, internal investigations, litigation-related matters, and prevention measures. Mallory also regularly assists clients on transactional intellectual property matters such as structuring and negotiating technology commercialization deals and IP license agreements. These include strategic alliances, research and development collaborations, trademark licensing and brand merchandising agreements and manufacturing, distribution and marketing arrangements.
Heather A. Antoine is a Partner and Chair of the Firm’s Trademark & Brand Protection practice and Co-Chair of the Privacy & Data Security practice group. Heather’s practice focuses on protecting a company’s intellectual property; a fundamental feature of every business. Heather’s practice includes trademark clearance and selection, domestic and foreign trademark prosecution, enforcement, proceedings before the Trademark Trial and Appeal Board (TTAB), licensing, trade secret protection, copyright, rights of publicity, domain names disputes, and general client counseling. Heather believes in supporting companies at each stage – from due diligence when choosing a name, to ongoing brand management, to ensuring portfolios are safeguarded and ready for sale. Heather is also focused on guiding businesses through the ever-expanding maze of privacy laws, both domestically and internationally. This includes drafting website policies, compliance with specific privacy laws (such as the General Data Protection Regulation (GDPR), the Children’s Online Privacy and Protection Act (COPPA), and the California Consumer Privacy Act (CCPA)). Heather works with companies to design and strengthen their privacy and data security policies and practices, to help them prevent data security breaches, and to minimize the risks associated therein.
For more information on our Privacy & Data Security Practice contact Heather Antoine at
Effective January 1, 2020, the California Consumer Privacy Act (the “CCPA”) will grant new rights to California residents and impose restrictions on certain businesses that collect “personal information” from residents.
Many will assume they don’t collect personal information, however, under the CCPA, “personal information” is defined broadly as anything that directly or indirectly identifies, describes, or can reasonably be linked to a particular person or household. While some of what is classified as “personal information” may seem apparent (name, street address, email address, credit card numbers, etc.), “personal information” under the CCPA also includes wide-ranging identifiers that are not so apparent, such as account name, physical description, inferences drawn from other available information, as well as technical information such as internet browsing history, IP address, geolocation data, website preferences, etc. Under this standard, most business that operates anything but the simplest of websites will likely be collecting personal information within the meaning of the CCPA.
Does the CCPA apply to your business?
The CCPA applies to any business that transacts business in California (which includes online sales to a California resident) and meets any one of the following criteria:
While receiving information from 50,000 consumers may sound like a high number, it comes out to just under 140 consumers, households, or devices per day. Keep in mind, each “device” may count separately.
The CCPA applies to my business, what are my obligations?
Under the CCPA, California consumers have several overarching rights. These include the right to know what personal information is being collected, whether their personal information is sold or disclosed and to whom, and the right to say “no” to the sale of that information. Californians also have the right to access their personal information, and the right to equal service and price, even if they exercise their privacy rights.
More specifically, consumers can:
Of note, there are a number of proposed amendments pending before the California legislature. The amendments are as diverse as they are contentious. However, there are many that appear likely to pass that are largely intended to provide clarification to the CCPA, which was hastily passed. If you believe the CCPA impacts you, you should follow these developments.
With six months to go before the CCPA takes effect, the time to start preparations for compliance is now. The requirements of the new CCPA are cumbersome and will take time to implement. In most cases, online businesses will need substantial modification to their existing privacy policies and terms of use. Preparation is important as penalties for non-compliance can be severe. A business that is found in violation of the CCPA may be liable for up to $2,500 per violation, and $7,500 per intentional violation.
For more information, including an assessment of your existing policies, please contact Heather Antoine at or (818) 444-4500.