Does the CCPA require a law firm to respond to an access request that seeks personal information that it obtained from its client?
Saturday, January 2, 2021
CCPA California Privacy Regulations
Print Mail Download info_icon_img/>i

The CCPA states that the “obligations imposed on businesses by Sections 1798.110 to 1798.135 [of the CCPA], inclusive, shall not apply where compliance by the business with the title would violate an evidentiary privilege under California law . . . .”[1] The exception does not appear to apply to the obligations imposed by Section 1798.100 of the CCPA.

Section 1798.100 currently contains within it a requirement that a business must, in response to an access request, “provide” to a consumer “specific pieces of personal information the business has collected” about the individual.[2] Although the CPRA amended Section 1798.100 by removing the obligation to provide personal information pursuant to an access request, the amendment does not become operative until Jan. 1, 2023.

The net result is that the portion of the CCPA that discusses exemptions for privileged materials may not directly prevent a California resident from requesting that a law firm disclose privileged information that relates to the California resident. Until the CPRA’s amendments take effect, a law firm that receives an access request that seeks privileged information should consider one, or more, of the following alternative grounds upon which to refuse the request:

  • The CCPA states that it shall not restrict a business’s ability to “[e]xercise or defend legal claims.”[3] The forced disclosure of privilege information would interfere with the law firm’s ability to defend the legal claims of its clients, and the law firm’s clients’ ability to exercise or defend its own claims through the assistance of the law firm.

  • If a law firm’s contract with its client meets the statutory definition of a service provider under the CCPA, the regulations implementing the CCPA permit the law firm to refuse an access request by informing the requesting consume that “the request cannot be acted upon because the request has been sent to a service provider.”[4]

[1] Cal. Civ. Code § 1798.145(b).

[2] Cal. Civ. Code § 1798.100(a), (c), (d) (Oct. 2020).

[3] Cal. Civ. Code 1798.145(a)(5).

[4] CCPA Reg. 999.314(e). See also FSOR Appendix A at 174 (Response 539).

©2024 Greenberg Traurig, LLP. All rights reserved.

Current Public Notices

Current Legal Analysis

More from Greenberg Traurig, LLP

GeTtin' SALTy Episode 32 | A Conversation with the Tax Foundation about Oregon Initiative Petition 17 [Podcast]
by: Nikki E. Dobay
Minnesota Supreme Court Creates New Cause of Action for Negligently Hiring an Independent Contractor
by: Lorie Skjerven Gildea
New York Department of Health Previews Proposed PACE Regulations
by: Harold N. Iselin , Elizabeth Corliss Sacco
ESOP Company Transactions: An Alternative Exit Strategy for Founders
by: Rebecca G. DiStefano
FDA Releases Guidance for Final Rule Regulating Laboratory Developed Tests
by: Nicholas J. Diamond , Charles C. Dunham, IV
FinCEN Issues FAQs on Dissolved Entities’ Beneficial Ownership Reporting Requirements
by: Kyle R. Freeny , Marina Olman-Pal
New Presidency in Mexico: International Trade Considerations
by: Guillermo Sánchez Chao , Eduardo Grajales González
Asked & Answered: GT’s Labor & Employment Podcast Episode 9: Navigating the New Frontier: Pay Transparency Laws in Minnesota and Beyond [Podcast]
by: Mikaela Shaw Masoudpour , Kelly Dobbs Bunting
FTC Targets Adobe for Hidden Fees and Deceptive Subscription Practices
by: Timothy A. Butler , Matthew M. White
Recent Federal and State Reproductive Health Developments
by: Adam H. Laughton

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins