California Attorney General Submits Final CCPA Regulations

Newmeyer Dillion

The California Consumer Privacy Act of 2018 (CCPA) went into effect on January 1, 2020. This law was implemented to protect the use, sharing and selling of consumers’ personal information, and included a variety of complex requirements for companies that do business in the State of California. The California Attorney General had been tasked with providing guidance on compliance with the CCPA. Finally, on June 1st, the final proposed regulations under the CCPA were submitted to the California Office of Administrative Law (OAL) to become law.

While these regulations will not become law for at least 90 days or more (due to timeframes for approval being extended due to the COVID-19 pandemic), the CCPA expressly authorizes the Attorney General to start enforcement actions on July 1, 2020. As we have previously indicated, while the Attorney General claims it will only initially pursue egregious and flagrant enforcement cases, this is more than likely to expand to include actions for non-compliance. It is critical to remain mindful that the private right of action regarding data breaches under the CCPA remains in place.

What Do Businesses Need to Do Now?

Now is the time to take action and implement a compliance strategy for the CCPA as soon as possible. While 30 days is certainly not a lot of time to become compliant, it only stresses the need to move quickly and make basic measures towards compliance, such as adapting privacy policies for compliance, preparing necessary disclosure statements, and mapping where data is stored and how it is shared – in both electronic and hard copy formats. There will be additional time to update and supplement compliance efforts with the Attorney General’s guidelines and those can become incorporated during the compliance process. Despite many businesses working remotely at this time due to COVID-19, privacy professionals must still be engaged to create a CCPA compliance plan and work with IT professionals to ensure CCPA compliance under these circumstances.

Why Does This Matter For Businesses

  • If you do not have a plan to address CCPA requirements, now is the time to do so.
  • Class-action lawsuits have already commenced under the CCPA, and are likely to continue to increase significantly over time and as a result of the current remote working conditions created by the COVID-19 pandemic.
  • Regardless of your current work environment, provide periodic on site or virtual training to ensure all employees understand the basic requirements of the CCPA and remain vigilant when it comes to cyber security, privacy and the protection of personal information.
  • If you are considering securing a cyber liability insurance policy to address these requirements, have the form policy as well as applicable endorsements reviewed by an experienced cyber insurance coverage attorney prior to binding coverage to confirm that you will actually have the coverage you want to secure and properly address CCPA requirements.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Newmeyer Dillion | Attorney Advertising

Written by:

Newmeyer Dillion

Newmeyer Dillion on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.