On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.
In part one of our multi-part series regarding the draft CCPA regulations, we focused on businesses’ notice obligations. In this second part of our series, we focus on businesses’ obligations to respond to consumer requests. As discussed below, the draft CCPA regulations provide detailed guidance that will have important ramifications for businesses that control or process information about California consumers, particularly in light of CCPA’s broad definition of personal information.
Before these proposed CCPA regulations are approved and implemented, interested parties have until December 6, 2019, to submit written comments regarding the draft regulations and to participate in town hall meetings hosted by the Attorney General’s Office in Sacramento, San Francisco, Los Angeles, and Fresno. Any businesses impacted by the CCPA should carefully consider whether submitting comments or requested amendments are appropriate.
Representatives of the Attorney General’s office have indicated that July 1, 2020 is the anticipated date for CCPA enforcement to begin, but reiterated that CCPA takes effect on January 1, 2020, which means that class action exposure and other provisions apply as of that date.
Click here to continue reading the full version of this article.