The California Consumer Privacy Act of 2018 is arguably the most expansive piece of privacy legislation in U.S. history. It imposes a number of obligations on covered businesses, including a duty to disclose the categories of personal information (PI) they collect, sell, or share about California consumers, and gives those consumers a right to opt out of the sale of their PI, a right to the deletion of their PI, and the right to receive a copy of the “specific pieces” of PI. Further raising the stakes, the Act also permits Californians to sue when their personal information is accessed, exfiltrated, or stolen as a result of a covered entity’s failure to maintain reasonable security procedures. Our team has been closely monitoring all developments related to the Act, and we have written and presented extensively on the topic to help companies identify gaps and implement compliance measures. We will continue to do so – and report our findings here – leading up to the Act’s January 1, 2020 effective date.