In a letter sent earlier this month, a group representing more than 30 companies, trade associations and various industries asked the California Attorney General if enforcement of the California Consumer Privacy Act could be postponed. Concerned with the business impacts and reprioritization related to COVID-19, the association asked the Attorney General to delay enforcement from July 2020 until January 2021. The association stated that companies scrambling to respond to COVID-19 would need more time to comply with the various requirements of the new privacy law.

On March 24, 2020, the office of the California Attorney General provided its response. No. As reported by Forbes online, in an email to Forbes magazine, an adviser from the Attorney General’s office stated “Right now, we’re committed to enforcing the law upon finalizing the rules or July 1, whichever comes first….We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.”

Notable from the adviser’s comments above is that the enforcement would commence when the rules were finalized or July 1, “whichever comes first.” This raises the possibility or question of whether the CCPA could be enforced BEFORE July 1. This would be a significant departure from previous guidance and the statute itself. The text of the statute states enforcement will begin July 1, or 6 months after the publication of the final regulations. The CCPA’s implementation regulations were only recently revised a second time, with comments due back to the Attorney General by this Friday, March 27. Accordingly, we would expect July 1 to remain the date upon which enforcement will generally begin.

Taft’s Privacy and Data Security (PDS) practice group will continue to monitor this development and other issues associated with the CCPA in view of this new challenge. We encourage you to check out other posts on CCPA, as well as other COVID-19 Tool Kit updates regarding emerging threats to data security and privacy.

Other PDS Posts on the CCPA: