California Consumer Privacy Act lawyers in San Francisco

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are two pieces of legislation designed to enhance San Francisco privacy rights and consumer protection for residents of California, including residents of San Francisco. Here’s a breakdown of the key rights these laws grant to California consumers and how our data privacy lawyers can help:

California Protects Your Privacy Rights

California leads the nation in consumer privacy protections, and the laws governing how businesses collect, use, and share personal data are among the most comprehensive in the world. Understanding your rights under California privacy law – and knowing when those rights have been violated – is the foundation of effective legal action. 

At Matern Law Group, our San Francisco employment lawyers and data privacy attorneys address the full spectrum of privacy concerns affecting workers and consumers, from unauthorized data disclosures to failures in regulatory compliance.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act established a landmark framework for data privacy rights, giving California consumers meaningful control over their personal information. Businesses that fail to comply with CCPA regulations face significant legal exposure – and our litigation team is prepared to act. The CCPA grants San Francisco residents the following core rights:

• Right to Know: Consumers have the right to know what personal information businesses collect about them, the purpose of its collection, and with whom it is shared.
• Right to Delete: Consumers may request deletion of their personal information held by any covered business, subject to limited exceptions under the act.
• Right to Opt-Out: Consumers can opt out of the sale of their personal information to third parties, a critical protection under CCPA regulations.
• Right to Non-Discrimination: Businesses may not discriminate against consumers who exercise their rights under the act, including through pricing differences or reduced services.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act significantly expanded the privacy act framework established by the CCPA. It introduced new consumer rights, strengthened enforcement mechanisms, and created an independent regulatory authority. Understanding the CPRA’s expanded regulations is essential for both consumers and businesses operating in California.

• Right to Correction: Consumers may request correction of inaccurate personal information held by businesses, adding an important accountability layer to existing privacy law.
• Right to Limit Sensitive Data Use: Consumers can restrict how businesses use sensitive personal information – including health, financial, and precise geolocation data – to only what is necessary to deliver requested services.
• Expanded Right to Know: Building on the CCPA’s privacy act protections, the CPRA requires businesses to disclose how long they retain each category of personal information.
• Mandatory Risk Assessments: Businesses must conduct regular cyber risk assessments and cybersecurity audits for data processing activities that present significant risks to consumer privacy.
• CPPA Establishment: The CPRA created the California Privacy Protection Agency (CPPA), which is responsible for implementing, enforcing, and interpreting both the CCPA and CPRA regulations.

Cyber Incidents, Workplace Privacy & Your Rights

California privacy laws extend well beyond consumer transactions – they also govern how employers handle employee data and how businesses must respond when a privacy violation occurs. 

In the workplace, the CPRA gives employees the right to know what personal information their employer collects, to request corrections, and to limit the use of sensitive data such as health records, financial details, and location tracking. Employers covered by these privacy laws must provide clear notice explaining what data is gathered and how it is used – and failure to comply with these regulations can expose them to significant liability.

Anyone affected by a workplace data privacy violation is encouraged to document any notices received, monitor for signs of misuse, and consult a qualified attorney to understand their options. Understanding how California privacy law applies is an essential first step toward protecting your rights.