On June 1, The California Attorney General submitted the final text of the CCPA regulations to the California Office of Administrative Law for approval. Though regulations submitted to the OAL in June ordinarily would not become effective—if approved—until October 1, the CA AG has requested an expedited review. According to the CA AG, the expedited review would allow the regulations to become effective by July 1, which still is the date his office plans to begin enforcing the CCPA according to a public statement.
The California Privacy Rights Act is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in California may change if voters enact CPRA. The CPRA would significantly amend the CCPA. Included in this blog post is a summary of key additions and modifications to the CCPA’s existing obligations.
Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act. Months later, those businesses still are uncertain of their full range of potential compliance obligations because the California Attorney General’s CCPA implementing regulations are still not final. As businesses refine their CCPA compliance programs, they should also be aware that privacy rules in California could again change before the end of this year if the California Privacy Rights Act ballot initiative is approved by voters. Both the regulations and the CPRA are subject to complicated administrative processes that could affect their adoption and implementation, as described in this post.
On Friday, February 7, 2020, the California Attorney General released notice of changes to the California Consumer Privacy Act draft regulations. Initial draft regulations were published for public comment on October 11, 2019. Public comments on these modified draft CCPA regulations will be accepted by the CA AG until Monday, February 24, 2020, at 5 pm PST.