S&C Critical Insights – The California Consumer Privacy Act

January 7, 2020



On January 1, 2020, the California Consumer Privacy Act (CCPA), will have the potential to radically change how companies handle personal data. In this episode, John Evangelakos and Nader Mousavi, co-heads of S&C’s Cybersecurity and Intellectual Property & Technology Transactions Groups, discuss the CCPA’s requirements, its definition of “personal information,” the rights of California consumers under the Act, compliance and enforcement, and more.

John has advised clients on issues relating to unauthorized access to customers’ personal data, disclosure considerations arising out of unauthorized access to servers and confidential information, coordinating with federal law enforcement officials and regulatory authorities, governance responsibilities for cybersecurity, and the assessment and oversight of vendors with respect to cybersecurity matters.

Nader has advised clients on cybersecurity issues since the beginning of his career. He regularly advises companies in assessing and mitigating information security risks involved with mergers, acquisitions, spin-outs, joint ventures, restructurings and financings. Mr. Mousavi also has extensive experience advising clients on the California Consumer Privacy Act and other privacy regulations, as well as mitigation strategies in the context of cybersecurity breaches.

Sullivan & Cromwell’s Cybersecurity Group excels in the areas of cybersecurity that are critical to clients. We advise complex institutions on cybersecurity preparedness, incident response, disclosure controls and procedures, post-breach investigation, complex litigation, and corporate governance in cybersecurity. We leverage our firm’s cross-disciplinary expertise in advising Fortune 500 companies, regulated institutions, and multinational corporations to accomplish our clients’ objectives.

Subscribe to our S&C Critical Insights podcast series on SpotifyApple PodcastsStitcherYouTube or Podbean.