Effective Wednesday, July 1, 2020, the California Attorney General may begin enforcing the California Consumer Protection Act (CCPA).
Passed just over two years ago, the CCPA requires regulated businesses to provide more transparency regarding their data privacy practices and gives California consumers additional rights and control over their personal information. The landmark privacy law took effect on January 1, 2020 but included a six-month waiting period before the AG’s enforcement powers kicked in. Despite several requests to delay enforcement due to the business disruption caused by Covid-19 and the absence of final CCPA regulations, the AG plans to proceed with the July 1 effective date.
As to the regulations, the AG released the final text of its proposed CCPA regulations earlier this month. They’ll become effective once approved by the California Office of Administrative Law and filed with the Secretary of State.
If your business collects personal information about California consumers and is not yet in compliance with (or exempt from) the CCPA and its implementing regulations, you should begin working immediately to remediate any compliance gaps. This includes mandatory consumer disclosures in your privacy policy and at the point of collection, and operational protocols to accept, validate, and process consumers’ CCPA requests.
In related news, the California Privacy Rights Act (CPRA), which would adopt additional privacy rights and restrictions beyond the CCPA, recently qualified to appear on California’s November 3, 2020 ballot. If adopted by California voters, the CPRA would take effect on January 1, 2023.
Nick is a Partner at M&S where he leads the firm’s Compliance practice areas. He brings more than a decade of experience helping clients understand and comply with federal and state privacy, advertising, and telemarketing laws and regulations.