By Dean Short

The California Consumer Privacy Act (CCPA) of 2018 is now effective. On January 1, 2020, California residents obtained new rights under the most comprehensive data privacy legislation ever enacted on U.S. soil. By all accounts, the CCPA is applauded by privacy and consumer rights advocates and misunderstood by most businesses that need to comply. The law has gained national attention due to its broad and sweeping nature and, unfortunately, the lack of certainty for businesses about how to comply with the hastily passed law. That said, other states are lining up to enact similar laws, building on the momentum of the CCPA.

Mandatory Privacy Policy Update:

Anyone with an email account has noticed the recent barrage of notices from companies that have updated their privacy policies in accordance with the new CCPA requirements. The CCPA specifically mandates that companies subject to the new law must adjust their privacy policies to bring them into compliance. The CCPA's linchpin is transparency of data collection, storage and transfer. To comply with the CCPA, companies must update their privacy policies to describe the categories of information they collect, how they collect it, and with whom they share or to whom they sell personal data. Further, the new privacy policy must spoon-feed California residents by directing them how to enforce their new rights.

Responding to California Resident Requests:

The CCPA requires companies to respond to verified requests from California residents to access or delete their data. Some companies have already received requests from consumers asking that their information be deleted. The CCPA describes how consumer requests should be handled, including requirements for verification of the requests, timeframes for responding and the rules for when a company is not required to take action after receipt of a legitimate request. Questions remain, such as how to handle requests from residents when the data is still necessary to perform services for the CA resident. The rules are fairly specific but do allow room for interpretation, which is not ideal for company personnel demanding a guarantee that their company is in compliance.

More Data Privacy Laws to Come…

By all accounts, the net effect of the CCPA is that companies are beginning to acknowledge the importance of sensitive data collection, storage and sharing. Perhaps the reason this new law has generated interest so broadly is that we are in a period of flux regarding data privacy rights and companies' ability to use consumers' data. In ten years it will be fascinating to look back at this new privacy law and judge whether it was truly the watershed moment for data privacy rights in the United States.

The CCPA is likely the tip of the iceberg of data privacy laws that will be passed in the coming years. In fact, similar laws are soon to follow in Nevada and New York. Preparation for the CCPA's stringent requirements will likely result in far less work to comply with other states' new laws. Now is the time to start thinking about compliance with the CCPA in order to get ahead of the tidal wave of imminent data privacy laws across the U.S.

Dean Short & Bear Flag Services LLC

Dean Short is a Montage Freelance Attorney and the founder of Bear Flag Services, LLC, a data-privacy-focused third-party service provider that assists with CCPA and other data privacy law compliance. Mr. Short previously worked at Dykema and Tucker Ellis in Los Angeles before working in-house with Toshiba in Irvine, CA, then starting his own legal practice based in Newport Beach. Mr. Short is proudly a University of San Diego School of Law alumnus.

Bear Flag Services, LLC can help your company get into compliance with the CCPA. BFS is a CCPA-specific services company based in Irvine, California. BFS is focused on helping its customers get into compliance with the CCPA's administrative requirements, including handling consumer requests and updating company privacy policies in compliance with the CCPA. Please visit our website and set up a consultation at or email us at


The post Why Companies Should Comply with the CCPA Today appeared first on Montage Legal Group.