As plaintiffs’ lawyers continue to experiment with methods to use the California Customer Privateness Act (CCPA) to obtain quasi-discovery, queries exist irrespective of whether they may perhaps attempt to leverage the obligations imposed by the CCPA on legislation firms. Whilst the CCPA states that the “obligations imposed on firms by Sections 1798.110 to 1798.135 [of the CCPA], inclusive, shall not use wherever compliance by the business with the title would violate an evidentiary privilege under California legislation ,”[1] it is vital to notice that the exception does not appear to implement to the obligations imposed by Part 1798.100 of the CCPA. That omission is relevant because Section 1798.100 is made up of inside of it a prerequisite that a business enterprise ought to, in reaction to an accessibility ask for, “provide” to a purchaser “specific items of personalized information the company has collected” about the personal.[2] The web consequence is that the part of the CCPA that discusses exemptions for privileged resources could not immediately avert a California resident from requesting that a law firm disclose privileged data that relates to the California resident. A law organization that receives an access ask for that seeks privileged information and facts should really think about one particular, or additional, of the adhering to substitute grounds upon which to refuse the ask for:

  • The CCPA states that it shall not limit a business’s capacity to “[e]xercise or protect authorized statements.”[3] The forced disclosure of privileged details would interfere with the legislation firm’s capacity to defend the lawful promises of its clientele, and the law firm’s clients’ capacity to work out or defend its individual promises by means of the assistance of the law firm.

  • If a regulation firm’s contract with its customer meets the statutory definition of a company service provider underneath the CCPA, the restrictions applying the CCPA permit the regulation company to refuse an entry request by informing the requesting eat that “the request simply cannot be acted upon due to the fact the ask for has been sent to a provider service provider.”[4]

It is significant to take note that the hole within the evidentiary privilege exception in the CCPA was tackled by the California Privacy Rights Act (CPRA), which removed from Section 1798.100 the obligation to present personal facts pursuant to an access request. The amendment does not, nevertheless, grow to be operative right up until Jan. 1, 2023.


[1] Cal. Civ. Code § 1798.145(b).

[2] Cal. Civ. Code § 1798.100(a), (c), (d) (Oct. 2020).

[3] Cal. Civ. Code 1798.145(a)(5).

[4] CCPA Reg. 999.314(e). See also FSOR Appendix A at 174 (Response 539).


©2020 Greenberg Traurig, LLP. All legal rights reserved.
Countrywide Law Review, Volume XI, Range 15