• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

California AG Publishes Final CCPA Regulations, Seeks Possible July 1 Effective Date

June 4, 2020 By Daniel Felz

Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office).  The AG’s Office released an initial draft of the CCPA Regulations in October 2019, prompting over 3,000 pages of public comment (read our summary of the key impacts of the October 2019 Regulations draft here).  This initial draft was followed by a first round of modifications in February 2020 (read our summary of major business impacts here), as well as a second round of modifications in March 2020.  Each round of modifications generated further public comment.

On June 2, 2020, California Attorney General Xavier Becerra announced that his office had finalized the CCPA Regulations and submitted them to California’s Office of Administrative Law (OAL) for review.  The AG’s Office has thus published its finalized CCPA Regulations, a copy of which can be accessed here.  The finalized Regulations appear to be mostly identical to the version of the Regulations published in March 2020, with the exception of formatting and clean-up changes, and the deletion of the phrase “or a typical consumer’s data” from § 999.337(a)(2).

So when will the finalized CCPA Regulations take effect?   In normal circumstances, the CCPA Regulations would take effect on October 1, 2020 or January 1, 2021, depending on when OAL completes its review.  However, here, a significantly earlier effective date is possible.  California’s administrative procedure law permits an earlier effective date if the AG’s Office “makes a written request to [OAL] demonstrating good cause for an earlier effective date.”  Cal. Gov’t Code § 11343.4(b).  The AG’s Office appears to have done so here, submitting a “Written Justification for Earlier Effective Date and Request for Expedited Review” (available here) to OAL asking for the Regulations to take effect as soon as they are filed with California’s Secretary of State.  If OAL grants the AG’s request, it is possible that the CCPA Regulations take effect on or before July 1.

Not many observers expected the AG’s Office to push for an expedited effective date in the middle of the COVID pandemic.  The AG’s responses to recent public comments may provide insight.  As the AG’s Office stated in response to public comments about implementing new compliance during the COVID pandemic, “[t]he [AG’s Office] has determined that any delays in implementation of the regulation will have a detrimental effect on consumer privacy as more and more Californians are using online resources to shop, work, and go to school.”

*                                           *                                           *

Alston & Bird is assisting organizations across industries with CCPA Regulations compliance on an expedited timeline that accounts for the potential of a July 1 effective date.  For more information contact Jim Harvey, David Keating, Kim Peretti, Amy Mushahwar, Kathleen Benway, Karen Sanzaro, Maki DePalo, or Daniel Felz.

Filed Under: California, CCPA, Data Protection, Enforcement, Privacy, Regulation Tagged With: California Consumer Privacy Act (CCPA), Regulatory Enforcement, US State Law

About Daniel Felz

Daniel Felz is a senior associate with Alston & Bird’s Privacy & Data Security Group. Dan leverages his extensive international experience to advise clients on global privacy, cybersecurity, technology, and adversarial matters.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties
  • Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
  • Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
  • Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK
  • UK ICO Publishes New Data Sharing Code
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy