The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. For companies within the scope of the CCPA, it’s not too late to start putting together a CCPA compliance program. The CCPA enforcement date is not until July 1, 2020. Thus, the California Attorney General is unable to bring enforcement actions against companies for violations of the CCPA for at least another six months. During that time, companies should be:

• Developing a detailed map of the data flows within a company to identify and track all the personal information in a company’s network
• Updating online and offline policies, procedures, and training materials to address CCPA obligations
• Responding to verifiable consumer requests to exercise their new CCPA rights, including the right to delete personal information

However, the CCPA represents a dramatic shift in how U.S. companies must handle the privacy of personal information going forward. Many other states, including New York, are expected to pass similar comprehensive privacy legislation. Most companies doing business with California residents are likely already required to comply with the CCPA requirements, but all companies should be thinking about whether they should begin incorporating some of the CCPA requirements in anticipation of other new state laws.