• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

In Response to Covid-19, NYDFS Delays while CA AG Declines to Change CCPA Timing

April 7, 2020 By Privacy, Cyber & Data Strategy Team

According to a report from the International Association of Privacy Professionals, the California Attorney General has confirmed that enforcement of the California Consumer Privacy Act (CCPA) will not be delayed due to the Covid-19 pandemic. “We’re committed to enforcing the law as early as July 1,” said a representative of the Attorney General’s office according to the report. The statement from the Attorney General’s office goes on to emphasize the importance of data security, which may suggest that data security will be an initial focus of enforcement efforts. Media and advertising groups had previously urged a delay in enforcement by the Attorney General. The July 1st enforcement date confirmed by the Attorney General’s office reflects the enforcement date required by the statute. The Attorney General has also issued draft regulations under the CCPA. The effective date of these regulations depends upon finalization by the Attorney General and subsequent approval by California’s Office of Administrative Law (OAL). If the Attorney General finalizes and provides the regulation to the OAL before April 16, then it is likely that the regulations will become effective July 1; otherwise, if the Attorney General finalizes and provides the regulations to the OAL by July 20, then the regulations are expected to become effective October 1.[1]

Apart from public enforcement by the Attorney General, private litigants are already actively litigating claims based on the law, reflecting the fact that the law became generally effective on January 1. Current class-action lawsuits focus on notice requirements, security requirements, and opt-out requirements under the CCPA, including claims in the context of data sharing with third parties for marketing purposes (such as Facebook).

Alston & Bird has previously covered the California Consumer Privacy Act’s enactment, private right of action, and offered a webinar on operationalizing CCPA requirements.

Financial businesses subject to New York’s cybersecurity regulation (23 NYCRR Part 500) may delay filing their Certificate of Compliance until June 1, 2020. The New York Department of Financial Services confirmed the deadline extension as a response to Covid-19. The New York Department of Financial Services had previously extended the deadline from February 15 to April 15. On its website, the Department writes, “Due to the outbreak of COVID-19, the deadline for Certification of Compliance for calendar year 2019 has been extended from its original deadline of April 15, 2020 to June 1, 2020.”

___________________

[1] See Office of Administrative Law, Guide to Public Participation in the Regulatory Process (2006); California Department of Justice, Notice of Proposed Rulemaking Action (October 11, 2019); California Department of Justice, California Consumer Privacy Act Regulations: Information About the Rulemaking Process (downloaded April 2, 2020). These projected dates are an attempt to predict likely outcomes but those outcomes could change based on a number of factors (e.g., speedier review by the OAL, special request by the AG to delay or speed up enforcement, or objections by the OAL).

Filed Under: Uncategorized

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.