CCPA final regulations submitted, including a hint of what is on the horizon in California
On June 1, 2020, the California Attorney General submitted the final text of the proposed regulations under the California Consumer Privacy Act (CCPA) to the state’s Office of Administrative Law (OAL) for approval. Upon submission, OAL would typically have 30 working days to review the submitted regulations to ensure compliance with the California Administrative Procedure Act. However, in light of COVID-19, California Governor Gavin Newsome enacted Executive Order N-40-20, which operates to give OAL an additional 60 calendar days to complete its review. Notwithstanding the executive order, the attorney general has requested that OAL complete its review within 30 working days – ostensibly to hit the statute’s July 1, 2020, enforcement date. As of this writing, the regulations are listed as “under review” on OAL’s webpage (along with dozens of other regulations).
These long-awaited final regulations follow months of public hearings and more than 1,000 public comments. For businesses that have devoted time and effort into early compliance efforts, the final regulations bear some good news: they are substantively identical to the Second Modified Regulations that were released in March of this year. For those that have opted to wait, the next few weeks may prove to be a heavy lift.
Come July 1, or shortly thereafter, the California attorney general may begin to pursue civil enforcement penalties under the CCPA for non-compliance. And, while the CCPA contains a “cure” period – a time in which the business may remedy a perceived wrong – such a period is limited to 30 days, and the penalties for not coming into compliance may be hefty and may accumulate quickly.
The California attorney general’s CCPA page contains the entire final proposed regulations package.
This is for informational purposes only. It is not intended to be legal advice and does not create or imply an attorney-client relationship.Download PDF