With the CCPA now in force, companies are facing increased liability from multiple sources. This article series discusses how companies’ responses to California consumer data requests and updates to privacy policies could prompt lawsuits under consumer protection laws and how companies can mitigate those risks. Part one in this series discussed the CCPA’s limited private right of action, which applies to data breaches only. In this article, with insight from lawyers at Perkins Coie, Manatt Phelps and Sidley Austin, we look at risks hiding elsewhere in companies’ CCPA compliance efforts. We also provide the results of a poll of companies’ choices so far in implementing CCPA, conducted during a recent Sidley Austin webinar. See “How to Handle E.U. Data Subject Access Requests” (Dec. 11, 2019).