Holland & Knight - California Consumer Privacy Act Newsletter - May 2019 by Holland & Knight

Holland & Knight is a U.S.-based global law firm committed to provide high-quality legal services to our clients. We provide legal assistance to companies doing business or making investments in the United States and Latin America. With more than 1,300 professionals in 28 offices, our lawyers and professionals are experienced in all of the interdisciplinary areas necessary to guide clients through the opportunities and challenges that arise throughout the business or investment life cycles. We assist clients in areas such as international business, mergers and acquisitions, technology, healthcare, real estate, environmental law, private equity, venture capital, financial services, taxation, intellectual property, private wealth services, data privacy and cybersecurity, labor and employment, ESOPs, regulatory and government affairs, and dispute resolutions.

霍兰德奈特律师事务所是一家位于美国的全球性法律事务所，我们致力于向客户提供高质量的法律服务。我们向在美国及拉丁美洲进行商业活动或投资的公司提供他们所需的各类法律协助。我们在 28 个办公室的 1300 多名对各领域有经验的律师及专业人员能够协助客户处理他们在经营或投资过程中所遇到的各种机会及挑战。我们向客户提供法律协助的领域包括国际商业、企业并购、科技法律、医疗法律、房地产、环保法律、私募基金、创投基金、金融法律服务、税务、知识产权、私人财富管理法律服务、信息隐私及网络安全、劳动及雇佣法律、员工持股计划、法令遵循及政府法规、及争议解决。

The California Consumer Privacy Act Is Coming. Is Your Business Ready? By John P. Kern and David I. Holtzman

California signed the California Consumer Privacy Act of 2018 (CCPA) into law on June 28, 2018, and it will take effect on Jan. 1, 2020. So far, the CCPA grants California consumers new rights with respect to the collection and use of their personal information. The sweeping new law will impact the business practices of almost all medium and large companies – irrespective of whether they have any physical presence in California. Just as companies struggled to comply with the General Data Protection Regulation (GDPR), the European Union's data privacy law adopted in 2018, they may struggle to comply with the CCPA. In fact, the CCPA may replace the GDPR as the de facto worldwide standard under a highest common denominator theory (i.e., the idea that because certain of its provisions creates a higher standard of privacy protection than the GDPR, companies will have to establish protocols that meet the CCPA). Highlights of CCPA, include: •

The CCPA imposes a privacy regime in California that is unlike anything seen in the United States.

•

The CCPA establishes new privacy rights applicable to personal information that a covered commercial enterprise collects, stores, discloses or sells about California consumers. "Personal information" is broadly defined to include anything that could be associated with a California consumer.

•

The CCPA empowers California consumers (defined broadly) with unparalleled new rights to demand information, to opt-out of a company's practices, and to delete his/her profiles within companies' systems. Companies may not discriminate against these consumers.

•

Pending legislation in the California legislature (SB 561) may dramatically expand the private right of action provisions. This means that individual California consumers may bring suit against companies for violation of the CCPA. This legislation also may end the current 30-day cure period for CCPA violations.

•

Companies who violate the CCPA are exposed to substantial risk.

WHAT DOES THE CCPA DO? The CCPA gives "consumers" (defined as any person who is a California resident) four basic rights in relation to their personal information:

1. the right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected about them, the source of that information, whether the company has disclosed or sold it, and to whom it was disclosed or sold 2. the right to "opt out" of permitting a business to sell personal information to third parties 3. the right to require a company to delete a consumer's personal information 4. the right to nondiscrimination, that is, the right to receive equal service and pricing from a business, even if the consumer exercises their privacy rights under the CCPA

WHAT IS THE CONSUMER'S RIGHT TO HIS/HER PERSONAL INFORMATION UNDER THE CCPA? Pursuant to the CCPA, a consumer has the right to request that a business which collects a consumer's personal information disclose to that consumer the categories and specific pieces of personal information the business has collected. §1798.100(a), Cal. Civ. Code. Additionally, the CCPA grants a consumer the right to request that a business that sells the consumer's personal information, or that discloses it for a business purpose, disclose to that consumer: 1) the categories of personal information that the business collected about the consumer; 2) the categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and 3) the categories of personal information that the business disclosed about the consumer for a business purpose. §1798.115(a), Cal. Civ. Code. The CCPA grants a consumer the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer's personal information (i.e., an "opt out" right). The CCPA sets out fairly detailed guidelines about how a company must communicate to consumers the right to opt out, how those companies can deidentify the data they seek to collect to work within the CCPA, and numerous other details about the safe-guarding and treatment of the at-issue data.

WHO IS A CONSUMER UNDER THE CCPA? Any "consumer," which is defined under the law as "a natural person who is a California resident [as defined in tax provisions], however identified, including by any unique identifier." Pursuant to the relevant tax provisions, a consumer includes: 1) every individual who is in California for other than a temporary or transitory purpose, and 2) every individual who is domiciled in California who is outside of California for a temporary or transitory purpose.

WHAT IS PERSONAL INFORMATION UNDER THE CCPA? Under the CCPA, "personal information" means any information that identifies, relates to, describes or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone Copyright © 2019 Holland & Knight LLP All Rights Reserved

number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or any other financial information, medical information or health insurance information. "Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state or local government records, or which is generally publicly available information, or which has been deidentified or is merely aggregate consumer information (or about a half-dozen other exceptions).

ARE THERE EXEMPTIONS? There are a limited number of exemptions available. For example, it is expressly provided that the obligations imposed on businesses by the CCPA do not restrict a business' ability to "collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information." §1798.145(a)(5), Cal. Civ. Code. Accordingly, some companies may choose to implement deidentification protocols as a means of compliance rather than deal with the complexity and burden of responding to an unknown – and potentially unlimited – number of consumer requests for information, profile deletion and the like. In addition, the CCPA does not apply to protected or health information that is collected by a covered entity governed by federal health privacy laws (e.g., the HIPAA) or financial information governed by certain federal privacy laws. §1798.145(c), Cal. Civ. Code.

WHO MUST COMPLY WITH THE CCPA? The CCPA defines a "business" as any commercial (for-profit) entity that does business in the State of California and meets any one of the following thresholds on an annual basis: 1) generates a gross revenue of more than $25 million 2) buys, receives, sells, or shares "personal information" of 50,000 or more "consumers, households, or devices", or 3) derives 50 percent or more of its revenue from the sale of "personal information" It may seem like this definition will not cover your small business located outside of California; however, a physical presence in California is not required. If you make an online "sale" in California and you buy, receive, sell or share at least 50,000 "pieces" of "personal information" (defined very broadly) – whether collected from California "consumers" or not – you will have to comply with the CCPA. If you make an online sale and your business model primarily involves "selling" information to advertisers, you will also be subject to the CCPA. To underscore the scope, consider this example: If you are any business, anywhere in the world, that does any business in California, you generate more than $25 million per year in gross revenue and you store on your company's servers or in its files an email address – a single email address – of one person who can claim to be a resident of California, then your company must be CCPA compliant.

Failure to comply could subject you to a lawsuit, investigation by the California Attorney General and massive financial liability.

WHAT ARE THE RISKS IN NONCOMPLIANCE WITH THE CCPA? 1. The California Attorney General primarily enforces the CCPA, and it may pursue statutory damages of up to $7,500 for each violation. 2. The CCPA also provides a private right of action that allows consumers to seek, either individually or as a class, statutory or actual damages and injunctive and other relief. Before Feb. 22, 2019, this private lawsuit provision did not seem particularly dangerous for companies, because it was limited to data breaches – not mere noncompliance with the CCPA's strict terms. Moreover, all litigants were required to provide written notification to companies of suspected data breaches, and the companies had a 30-day "cure period" to resolve any problems. On Feb. 22, 2019, SB 561 was introduced in the California legislature to dramatically amend key elements of the CCPA. This proposed amendment, if adopted, will 1) expand the private right of action (right to file civil lawsuits) under the CCPA to cover any noncompliance, and 2) reduce two protective measures for companies contained in the current version of the CCPA. Expansion of the Private Right of Action Under the proposed Amendment, consumers could bring lawsuits not only for data breaches (e.g., unauthorized theft, access), but for mere noncompliance with the CCPA. Under the current version, only the Attorney General had this expanded right. Elimination of Right to Specific Attorney General Guidance The proposed amendment would eliminate the current option for a business or third party to seek the opinion of the Attorney General for guidance on how to comply with the CCPA. The amendment would strike this option and instead require the Attorney General to publish general public guidance about the law. Elimination of the 30-Day Cure Period Finally, the proposed amendment would eliminate the 30-day cure period currently provided for under the law. There is no date set for a vote on this proposed, significant amendment, but many commentators believe it will be adopted as part of the final law, as it was proposed specifically in response to complaints from voters and consumers that the exiting provisions of the CCPA were too weak and favorable to business. The most significant impact, if the amendment is adopted, will likely be a deluge of class action lawsuits against companies – especially the larger ones – who fail to comply with the requirements of the CCPA.

IF A BUSINESS COMPLIES WITH GDPR, DOES IT NEED TO CHANGE ANYTHING? The General Data Protection Regulation (GDPR) are rules under European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU. The GDPR applies to companies based outside the EU, if they collect or process personal data of individuals located inside the EU. Both the CCPA and the GDPR apply to businesses located outside their regions, and both are based on themes of consumer right of access and transparency. But there are significant differences in the laws, especially in terms of specific exemptions, and in the processes and protocols that businesses must establish to interface with the consumers who may seek to invoke the laws new entitlements. The following chart compares the requirements of the GDPR and CCPA:

GDPR

CCPA

Scope

EU personal data processed

California resident's personal data collected

Right to access

Right to access all EU personal data processed

Right to access California personal data collected in last 12 months

Right to portability

Must export and import certain EU personal data in a user-friendly format

All access requests must be exported in user-friendly format, but there is no import requirement

Right to correction

Right to correct errors in EU personal data processed

Not included in CCPA

Right to stop processing

Right to withdraw consent or otherwise stop processing of EU personal

Right to opt-out of selling personal data; must include opt-out link on website

Right to stop automated decision making

Right to require a human to make decisions that have a legal effect

Not included in CCPA

Right to stop third-party transfer

Right to withdraw consent for data transfers involving second purposes of special categories of data

Right to opt-out of selling personal data to third parties

Right to equal services and prices

Not required

Discrimination prohibited

No floor or ceiling

Up to $750 for data breaches, but will be expanded to cover any noncompliance if the proposed amendment is adopted

Private right to action damages

Regulator enforcement

Ceiling of 4 percent of global annual revenue

No ceiling â&#x20AC;&#x201C; $7,500 per violation

IS THE CCPA FINAL? The California Attorney General's Office has just concluded holding multiple public forums and hearings on the CCPA. The Attorney General promoted these forums as an opportunity for the public to participate in the CCPA rulemaking process. The Attorney General anticipates publishing its Notice of Proposed Regulatory Action by fall 2019. The public will have another opportunity to weigh in during the formal public comment period that follows issuance of the draft regulations. Also, the CCPA faces the possibility of being overruled before it is even implemented, as big technology companies have been lobbying heavily for a national data privacy law to pre-empt the CCPA.

WHAT CAN BUSINESSES DO NOW TO PREPARE FOR THE CCPA? Despite the uncertainty that still exist about whether the CCPA may go into effect on Jan. 1, 2020, as the stake is very high, companies should start formulating compliance strategies and seek legal guidance as early as possible. Under the direction of licensed California legal counsel, businesses, among other steps, should: 1. evaluate whether the company meets the CCPA thresholds 2. identify possible exemptions that might apply 3. identify and classify the relevant classes of data (consumer personal information) it collects, discloses and/or sells 4. determine whether the company uses consumer personal information for "commercial purposes" and "business purposes" 5. review and modify third-party vendor agreements 6. review and update the company's Terms of Service and Privacy Policy 7. draft California-specific privacy disclosures and "Do Not Sell My Information" disclosure 8. establish opt-out procedures 9. ensure "no discrimination" policies are in place, along with policies to address certain opt-in requirements

《加州消费者隐私法案》就要来了。您的企业做好准备了吗？原文作者 John P. Kern 和 David I. Holtzman 加州于 2018 年 6 月 28 日签署通过了 2018 年《加州消费者隐私法案》(“CCPA”)，该法案将于 2020 年 1 月 1 日生效。目前为止，CCPA 授予了加州消费者有关收集和使用他们个人信息的新的权利。全新的法律将影响几乎所有中型和大型公司的商业行为––无论他们是否在加州有任何实体存在。正如公司努力遵守 2018 年欧盟通过的数据隐私法《通用数据保护条例》（“GDPR”）一样，它们可能也会需努力来遵守 CCPA 。事实上，按最高公分母的理论，CCPA 可能会取代 GDPR 而实际上成为全球的标准（即由于 CCPA 的某些条款创造了比 GDPR 更高的隐私保护标准，公司必须建立相应的做法规则来符合 CCPA 的要求）。 CCPA 的重点包括：

•

CCPA 在加州建立了一美国前所未见的隐私制度。

•

CCPA 建立一些新的隐私权，适用于受到管辖的商业企业收集、存储、披露或出售的有关加州消费者的个人信息。 “个人信息”的定义广泛，包括可能与加州消费者有关的任何信息。

•

CCPA 赋予了加州消费者（定义广泛）空前的新权利来索求信息、选择退出公司的做法、以及删除他/她在公司系统内的个人资料。公司不得歧视这些消费者。

•

加州立法机构的待立法案（参院 561 法案）可能会巨大地扩大私人的诉讼权利的规定。这意味着加州的个人可以因公司违反 CCPA 而提起诉讼。该立法也可能终止目前 CCPA 所规定的 30 天改正期。

•

违反 CCPA 的公司会面临巨大的风险。

CCPA 有哪些作用？ CCPA 给予“消费者”（定义为任何加州居民）与其个人信息相关的四项基本权利： 1. 知情权，通过一般隐私政策以及通过请求提供更多细节，了解企业收集的有关他们的个人信息、信息来源、公司是否披露或出售了该信息、以及披露或出售给谁。 2. 3. 4.

“选择退出”权，即选择自允许企业向第三方出售个人信息的权利的做法中退出请求删除权，要求公司删除消费者的个人信息不受歧视权，即使消费者根据 CCPA 行使其隐私权，也有权获得企业的同等服务和定价

CCPA 下消费者对其个人信息的权利有哪些？根据 CCPA，消费者有权要求收集消费者个人信息的企业向该消费者披露该企业收集的个人信息类别和细节。加州民法第 1798.100(a)条。此外，CCPA 授权消费者要求销售消费者个人信息或为商业目的披露消费者个人信息的企业向该消费者披露：1）企业收集的有关消费者的个人信息类别; 2）企业销售的个人信息的类别以及购买个人信息的第三方的类别，按照卖给每个第三方的个人信息的类别分类; 及 3）企业为了商业目的而披露的有关消费者的个人信息类别。加州民法第 1798.115(a)条。 CCPA 赋予权消费者可以随时指示向第三方出售关于消费者的个人信息的企业不出售消费者的个人信息的权利（即“选择退出”权）。 CCPA 规定了相当详细的指导方针，规定公司必须如何与消费者沟通选择退出的权利、这些公司如何在 CCPA 框架内解除识别他们想要收集的数据、以及有关保障和处理相关数据的许多其他细节。

CCPA 下的消费者包括哪些? 任何“消费者”，[即按税收规定所定义]在法律上被定义为“任何为加州居民的自然人” （不论如何被界定，包括通过任何独特的界定方式）。根据相关的税收规定，消费者包括：1）除了临时或暂时目的而人在加州的每一个人，及 2）住所在加州但现因临时或暂时目的人在加州以外的每一个人。

CCPA 下的个人信息包括哪些？根据 CCPA，“个人信息”是指识别、连结、描述或能够关联到某个人的任何信息，包括但不限于他或她的姓名、签名、社会安全号码、体型特征或描述、地址、电话号码、护照号码、驾驶执照或州身份证号码，保险单编号、教育、就业、工作经历、银行帐号、信用卡号、借记卡号或任何其他财务信息、医疗信息或健康保险信息。 “个人信息”不包括已在联邦、州或地方政府资料记录中合法地向公众提供的公开信息、或是一般公开的信息、或已经被解除识别的公开信息、或仅仅是消费者的聚合信息（或其他约六个例外的情形）。

有豁免吗？可用的豁免数量有限。例如，CCPA 明确规定对企业施加的义务不限制企业“收集、使用、保留、出售或披露被解除识别的消费者信息或消费者的聚合信息”的能力。加州民法第 1798.145(a)(5)条。因此，一些公司可能会选择实施解除识别的做法作为合规手段，而不须面对需回复一个或可能无限多个不知名的消费者索求信息、档案删除等等所带来得复杂问题及负担。此外，CCPA 不适用于受联邦健康隐私法规（例如 HIPAA）管辖的组织收集的受保护的或与健康有关的信息，或受某些联邦隐私法管辖的财务信息。加州民法第 1798.145(c)条。

谁必须遵守 CCPA？ CCPA 将“企业”定义为在加州开展业务并且年度符合以下任何一个门槛的任何商业（营利性）实体： 1）产生超过 2500 万美元的总收入 2）购买、收受、出售或分享 5 万个或更多“消费者、家庭或设备装置”的“个人信息”，或

3）其 50％或更多的收入系通过销售“个人信息”所产生这个定义看来将似乎不会涵盖位于加州以外的小型企业；但其实没有要求在加州需有实体的存在。如果您在加州进行网络“销售”，并且您购买、收受、出售或分享至少 5 万条“个人信息”（非常广泛地定义）––无论是否从加州的“消费者”处收集，您将必须遵守 CCPA。如果您进行网络销售并且您的商业模式主要涉及向广告商“ 销售”信息，您也将受到 CCPA 的约束。为了强调 CPPA 涵盖的主体范围，请考虑以下示例：如果您是世界任何地方的任何企业、在加州开展业务、您年的总收入将超过 2500 万美元、并且您在公司的服务器或其文件中储存了任何一个可以声称自己是加州居民的人的电子邮件地址 — 即使只有一个电子邮件地址，那么您的公司必须遵守 CCPA。不遵守规定可能会给您带来诉讼、加州总检察长的调查以及巨额财务责任。

不遵守 CCPA 的风险有哪些？ 1.

加州总检察长主要执行 CCPA，并且对于每次违规都可能要求高达 7500 美元的法定赔偿金。

2. CCPA 还提供私人诉讼权，允许消费者单独或作为集体寻求法定或实际损害赔偿以及禁令和其他救济。在 2019 年 2 月 22 日之前，这种私人诉讼条款对公司来说似乎并不特别危险，因为它仅限于数据泄露––而非对 CCPA 的严格的条款的违法。此外，所有诉讼当事人都必须向涉嫌数据泄露的公司提供书面通知，且公司有 30 天的“改正期”来解决任何问题。 2019 年 2 月 22 日，加州立法机关提出了参院 561 法案，以重大修改 CCPA 的关键组成。该提出的修正案如果获得通过，将 1）扩大 CCPA 下的私人诉讼权（提起民事诉讼的权利），以涵盖任何违规行为，及 2）减少当前版本的 CCPA 中包含的公司的两项保护措施。扩大私人诉讼权根据提出的修正案，消费者不仅可以针对数据泄露（例如，未经授权的盗窃、获取）提起诉讼，还可以对任何不遵守 CCPA 的行为提起诉讼。根据目前的版本，只有总检察长有这项扩大的权利。取消特定总检察长指导权提出的修正案将取消当前企业或第三方可以征求总检察长意见以获得有关如何遵守 CCPA 的指导的选择。修正案取消了这一选择，而是要求总检察长公布有关该法的一般公众指导。取消 30 天的改正期最后，提出的修正案将取消目前法律规定的 30 天改正期。关于这项提议的重大修正案的投票还没有确定日期，但许多评论员认为它将作为最终法律的一部分被采纳，因为它是专门针对选民和消费者抱怨 CCPA 的现有条款太弱了且对企业有利而提出的。如果修正案获得通过，最重要的影响可能是针对不遵守 CCPA 要求的公司的集体诉讼––特别是较大公司––将会迅速增加。

如果企业符合 GDPR，是否需要做出任何改变？《通用数据保护条例》（“GDPR”）是欧盟（“EU”）关于欧盟和欧洲经济区（“EEA”）内所有个人数据保护和隐私的法律规则。它还对从欧盟和欧洲经济区输出个人数据进行规范。 GDPR 主要旨在通过统一欧盟内部的法规，使个人能够控制其个人数据，并简化国际商务的监管环境。如果欧盟以外的公司收集或处理位于欧盟内的个人的个人数据，则 GDPR 也同样适用。 CCPA 和 GDPR 两者都适用于位于其管辖区域以外的企业，两者的主旨都是消费者获取权和透明度。但是，法律本身存在重大差异，尤其是在特定豁免方面，以及在企业必须建立其与可能寻求援引法律新权利的消费者互动的流程及做法规定方面。

下图比较了 GDPR 和 CCPA 的要求：

GDPR

CCPA

范围

欧盟个人信息处理

加州居民的个人信息收集

获取权

获得所有欧盟处理的个人信息的权利

获得过去12个月内收集的加州个人信息的权利

转移权

必须用对用户友好的方式输出和输入某些欧盟个人信息

所有获取请求必须用对用户友好的方式输出，但是没有输入方面的要求

改正权

改正欧盟个人信息处理中的错误

CCPA中无此权利

停止处理权

撤销同意的权利或者其它停止处理欧盟个人数据的权利

选择不被销售个人信息的权利；必须将选择退出的链接发布在网上

停止自动做决策权

要求自然人做出有法律效力决定的权利

CCPA中无此权利

停止第三方转移权

撤销同意转让包括特别类别数据的第二种目的的权利

选择个人信息不被销售给第三方的权利

同等服务和价格权

无此要求

禁止歧视

损害赔偿的私人权

无最低或最高限制

数据泄漏最高750美元，如果提案通过，会被扩展至涵盖任何违规

监管者执法

最多每年收入的4%

无上限-每次违法7500美元

CCPA 确定了吗？加州总检察长办公室刚刚结束了关于 CCPA 的多个公共论坛和听证会。总检察长将这些论坛作为公众参与 CCPA 规则制定过程的机会进行宣传。总检察长预计将在 2019 年秋季之前发布其《监管行动提案通知》。在发布条例草案之后的正式公众意见征询期内，公众将有另一次机会提出意见。此外，CCPA 面临着在实施之前被推翻的可能性，因为大型科技公司一直在大力游说通过取代 CCPA 的全国性数据隐私法律。

企业可以做些什么来为 CCPA 做准备？尽管对于 CCPA 是否能在 2020 年 1 月 1 日生效仍然存在不确定性，公司应该开始制定合规策略并尽早寻求法律指导，因为风险很大。在有加州资格的法律顾问的指导下，企业采取的步骤包括但不限于： 1.

评估公司是否符合 CCPA 门槛

确定有可能适用的豁免

对其收集、披露和/或销售的相关数据类别（消费者个人信息）进行确认和分类

确定公司是否将消费者个人信息用于“商业目的”及“营业目的”

审核并修改第三方供应商协议

查看并更新公司的服务条款和隐私政策

起草加州特定的隐私披露和“不销售我的信息”的披露

建立选择退出程序

确保有“无歧视”政策，以及解决某些选择加入要求的政策

Team Contacts 我所数据保护团队联系方式 Paul Bond Partner | Philadelphia 215.252.9535 paul.bond@hklaw.com

Scott T. Lashway Partner | Boston 617.305.2119 scott.lashway@hklaw.com

Kaylee A. Bankston Senior Counsel | Washington, D.C. 202.469.5185 kaylee.bankson@hklaw.com

Mark S. Melodia Partner | New York 212.513.3583 mark.melodia@hklaw.com

Mark H. Francis Partner | New York 212.513.3572 mark.francis@hklaw.com

Ashley L. Shively Partner | San Francisco 415.743.6906 ashley.shively@hklaw.com

John P. Kern Partner | San Francisco 415.743.6918 john.kern@hklaw.com

Stacey Hsiang Chung Wang Partner | Los Angeles 213.896.2480 stacey.wang@hklaw.com

You May Also Contact Our China Practice Attorneys For Assistance 您也可以中文与我们下列律师联系以取得协助 Hongjun Zhang, Ph.D. Partner | Washington, D.C. 202.457.5906 hongjun.zhang@hklaw.com

Mike Chiang Senior Counsel | San Francisco 415.743.6968 mike.chiang@hklaw.com