News - Announcements

The California Privacy Rights Act (CPRA), which significantly amended the California Consumer Privacy Act (CCPA), has established a robust framework for consumer data privacy. Businesses need to understand the nuances of "personal information" and "sensitive personal information" under CPRA as it is crucial for achieving and maintaining compliance. What is "Personal Information" under CPRA? The CPRA adopts a broad definition of "personal information" (PI), encompassing any information that "identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." This includes, but is not limited to: Identifiers: Real name, alias, postal address, unique personal identifier, online identifier (e.g., IP address, cookie ID), email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. Customer Records Information: Signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Characteristics of Protected Classifications: Under California or federal law (e.g., age, race, religion, gender, sexual orientation). Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Biometric Information: Physiological, biological, or behavioral characteristics, including DNA, used or intended to be used, separately or in combination with other data, to establish individual identity (e.g., fingerprints, facial recognition). Internet or Other Electronic Network Activity Information: Browse history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Geolocation Data: Information that indicates the precise location of an individual or device. Sensory Data: Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings, CCTV footage). Professional or Employment-Related Information. Inferences: Information drawn from any of the above to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. It is important to note that personal information does not include publicly available information from federal, state, or local government records (e.g., professional licenses, public real estate records). What is "Sensitive Personal Information" (SPI) under CPRA? The CPRA introduced a new, more protected category of personal information: Sensitive Personal Information (SPI) . This subset of PI requires heightened safeguards due to its potentially intimate or revealing nature, and consumers have additional rights regarding its use and disclosure. SPI includes personal information that reveals: A consumer's Social Security number, driver's license number, state identification card, or passport number. A consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. A consumer's precise geolocation. A consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership. The contents of a consumer's mail, email, and text messages, unless the business is the intended recipient of the communication. A consumer's genetic data. The processing of biometric information for the purpose of uniquely identifying a consumer. Information concerning a consumer's health. Information concerning a consumer's sex life or sexual orientation. Key Differences and Why They Matter for Businesses The distinction between general "personal information" and "sensitive personal information" is critical because the CPRA imposes additional obligations and consumer rights specifically for SPI. Heightened Protection: Businesses handling SPI must implement more robust security measures to protect this data from unauthorized access or disclosure. Right to Limit Use and Disclosure: Consumers have a new right to direct businesses to limit the use and disclosure of their SPI to only those purposes necessary to perform the services or provide the goods reasonably expected by an average consumer. This means businesses generally cannot use or disclose SPI for other purposes, such as cross-context behavioral advertising, without explicit consumer permission. Dedicated Opt-Out Link: Businesses that use or disclose SPI for purposes other than those allowed by the CPRA must provide a "clear and conspicuous link" on their homepage(s) labeled "Limit the Use of My Sensitive Personal Information." This is in addition to the "Do Not Sell or Share My Personal Information" link for general personal information. Notice at Collection: Businesses must clearly disclose the categories of SPI collected, the purposes for which it is collected or used, and whether it is sold or shared. What Businesses Need to Know for CPRA Compliance: To effectively comply with the CPRA, businesses must undertake a comprehensive approach to data privacy, with a particular focus on the differentiated treatment of personal and sensitive information: Data Inventory and Mapping: Identify all types of personal information you collect, store, process, and share. This includes data from customers, employees, job applicants, contractors, and business-to-business (B2B) contacts (as CPRA largely removed previous exemptions for employee and B2B data). Specifically identify and classify any sensitive personal information (SPI) collected. Map how data flows across your organization, including transfers to third parties, service providers, and contractors. Update Privacy Policies and Notices: Clearly disclose the categories of personal information and sensitive personal information collected. State the purposes for which each category of information is collected and used. Specify retention periods for all categories of personal and sensitive information, ensuring data is not kept longer than "reasonably necessary" for the disclosed purpose. Explain consumer rights under CPRA, including the right to know, delete, correct, opt-out of sale/sharing, and limit the use of sensitive personal information. Implement Opt-Out Mechanisms: Provide "Do Not Sell or Share My Personal Information" and "Limit the Use of My Sensitive Personal Information" links on your website homepage(s) and other relevant data collection pages. Ensure these links lead to user-friendly pages where consumers can easily exercise their rights. Maintain records of opt-out requests for at least 12 months. Data Minimization and Security: Collect only the personal information and SPI that is absolutely necessary for your disclosed purposes. Implement robust security measures to protect all personal information, with heightened safeguards (e.g., encryption, access controls) for SPI. Develop a comprehensive incident response plan. Respond to Consumer Requests: Establish clear and efficient processes for responding to consumer requests to access, delete, correct, opt-out of sale/sharing, and limit the use of their personal and sensitive information. Ensure timely responses (typically within 45 days, with a possible 45-day extension). Notify service providers, contractors, and third parties to whom data has been shared when a deletion request is received. Third-Party Contracts: Review and update contracts with service providers and third parties to ensure they are also compliant with CPRA obligations, especially regarding data protection and consumer rights. Training: Provide regular training to all employees who handle personal data on CPRA requirements and best practices for data privacy and security. By diligently addressing these areas, businesses can navigate the complexities of CPRA, protect consumer privacy, and mitigate the risks of non-compliance, including significant penalties from the California Privacy Protection Agency (CPPA). For any business operating in California or collecting data from California residents, a proactive and well-informed approach to data privacy is no longer optional, but a legal imperative. Brinda Bellur is a dual-licensed attorney in California and India, with extensive experience in both litigation and transactional matters. She holds an LLM from UC SF Law (formerly UC Hastings) and certifications in privacy (CIPP/US, IAPP) and commercial contracts (UC Berkeley Law Executive Education).

Jahangiri Law Group is proud to announce that we have been recognized as the recipient of the prestigious Diversity Award, 2024, presented by the Contra Costa County Bar Association. This honor celebrates our unwavering commitment to fostering inclusivity, equity, and representation within our legal practice and the broader community. At Jahangiri Law Group, diversity is not just a value—it is a cornerstone of our mission. We believe that embracing a wide range of perspectives strengthens our ability to serve our clients and contribute to a more just and equitable society. This award is a testament to the collective efforts of our team and our dedication to creating meaningful change. We extend our heartfelt gratitude to the Contra Costa County Bar Association for this recognition. As we celebrate this achievement, we reaffirm our pledge to continue championing diversity and inclusion in all that we do.

Our Office Has Moved

Finding out which state to incorporate one’s business is an important step for any company. For many years now, Delaware has been considered the best state to incorporate in. However, recently, California has made strides in exhibiting itself to be a strong environment to start a business. Both states have their pros and cons related to this issue, and each company must make a unique decision tailored to their business on which factors are more important to them. Delaware is known to be extremely legally and economically friendly to businesses, and it is the reason the state houses almost two million businesses. Delaware corporate law is known to be flexible with respect to shareholder rights and company structure (Stripe). It is known to be a merger friendly state and valuable for those investing in venture capital or private equity. Delaware also has its own, unique court called the Court of Chancery dedicated to corporate issues. The Court of Chancery makes decisions only through judges, which are assigned based on merit, and it has been established for many years now (Stripe). Delaware is also known to be a tax friendly state. It does not have income tax for businesses which are based outside of Delaware. In addition, any company that is incorporated in Delaware but does not practice business in the state, does not have to pay the state’s corporate income tax (Stripe). Company shareholders who do not live in Delaware also do not need to pay taxes on their shares. Investors are also more likely to invest in Delaware businesses due to their business and shareholder friendly laws and easy access to incorporation. Despite all these benefits to incorporating in Delaware, there are also a few downsides to doing so. Regardless of whether a business practices in Delaware or not, any company that incorporates there must pay an annual franchise tax which can range from $175 to $200,000 (Stripe). In addition, any company in Delaware that is incorporated but does not practice there, is required to identify as a foreign entity and will therefore be subjected to much more paperwork (Stripe). Finally, Delaware’s corporate laws are known to be advantageous to larger companies but are not friendly toward smaller businesses and startup companies. This may deter some people from starting and incorporating a business in Delaware. Incorporating business in California also has various different benefits. California businesses which do business inside the state are especially at an advantage. This is because local businesses obviously do not need to identify as a foreign entity in California, and therefore they will have to deal with far less paperwork (Stripe). In addition, California businesses have higher credibility and name recognition with distributors, investors, and customers because of the value that California’s market has. Furthermore, California law is also known to shield minority shareholders from unfair or discriminatory practices or treatment (Stripe). Finally, California is well known for startups and innovation, especially in the technology sector centered around Silicon Valley. Many of the corporate laws in California tend to be more favorable towards up-and-coming businesses incorporated in the state. While there are great pros to incorporating in California, there are also some cons which may concern business owners. California has a higher base level of minimum taxes, which is about $800 annually regardless of the company’s income (Stripe). In addition, California is also generally stricter and more scrutable with laws involving privacy, labor, and EPA standards (Stripe). California’s high cost of living and tax laws are also a major deterrent from businesses setting up shop in the state. Overall, both Delaware and California have strong advantages and disadvantages of incorporating a business in each respective state. A business owner must make a choice of where to incorporate based off of factors which are important to them. Delaware is known for flexible corporate laws, the respected Court of Chancery, increased privacy for businesses, and being friendly to investors and large corporations. On the other hand, California corporate law is protective of its employees, highly credible, and better for new businesses and startups. Finding a state to incorporate one’s business is a crucial decision and both Delaware and California are good options. Works Cited Stripe. (2023a, November 29). Incorporating in Delaware vs. California: How to decide. Stripe. https://stripe.com/resources/more/incorporating-in-delaware-vs-california Before you establish your business, it is vital to meet with our legal team. We can discuss your specific situation and any business needs you want to meet. The San Ramon business formation lawyers at Jahangiri Law Group, APC take as much time as is necessary to make sure that you are secure in your decision. JAHANGIRI LAW GROUP handles matters involving contracts (written and oral), trials, arbitrations and appeals in the areas of business, corporate, commercial, and real estate litigation, and transactional law. We offer services to diverse cultures and can assist in Urdu, Hindi, Punjabi and Spanish. We are based in San Ramon, California, but provide services throughout the entire San Francisco Bay Area. We are open from 9:00 a.m. to 5:00 p.m., Monday to Friday. To make an appointment please call 925-574-0100.

Jahangiri Law Group is an engaging and a very busy business and real estate litigation firm and is seeking an attorney with 1 - 3 years of civil litigation experience.

Congratulations to this year’s recipients. Thank you for your contributions to our community. JLG is a proud member of the Chamber and believes that through community, small businesses will thrive. Are you a member?

Jahangiri Law Group is pleased to announce that it has recently been certified by the Western Regional Minority Supplier Development Council as an official Minority Business Enterprise! In order to qualify for this certification, Jahangiri Law Group met the following criteria: ● Business must be for-profit ● Business must be located in Northern California, Nevada, or Hawaii ● Business must be at least 51% ethnic minority-owned, operated, and controlled ● Owner(s) must be U.S. citizen(s) and must be authorized to do business by the State and County As a result, Jahangiri Law Group is entitled to the following benefits: ● Business Opportunity Fairs - opportunity for minority entrepreneurs to present themselves to many prospective buyers in Corporate America and among each other ● Executive Education - concentrates training and technical assistance into leadership tools for CEO’s of minority-owned firms ● Marketing - leverage certification status to source contacts with National and Local Corporate Members and MBEs ● Networking - expansion of relationship-building opportunities with corporate buyers and other MBEs ● Recognition & Awards opportunities for the top MBEs for each class