The CCPA requires that a business “deliver” the information that is required to be produced under the Act within “45 days of receiving a verifiable consumer request.”1 The 45 day time period can be extended by an additional 45 days when “reasonably necessary.”2 If a business seeks to rely upon the extension it must inform the requestor of that fact within the first 45 day period.
The CCPA does not specify what type of situations might qualify as “reasonably necessary” to extend the response time period. It is possible that a court, or the California Attorney General, could look to the GDPR for guidance. The GDPR similarly allows an organization to extend the time within which information must be provided by an access request and specifies that two factors that might contribute to the need for an extension would be the “complexity and number” of requests that a person makes.
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. Cal. Civil Code § 1798.130(a)(2).
2. Cal. Civil Code § 1798.130(a)(2).