September 11, 2020

Complying with Newly Finalized CCPA Regulations

Morgan Lewis

+ Follow Contact

Send

Embed

Morgan Lewis The landmark California Consumer Privacy Act (CCPA) requires certain companies doing business in California to implement new consumer privacy rights and provide new privacy policies to consumers. Even though the California attorney general’s right to enforce the law began July 1, 2020, the CCPA regulations did not become final and effective until August 14, 2020.

Now that the regulations are final, affected businesses must finalize their CCPA compliance programs if they have not already done so. However, it is important to note that the act is still undergoing changes, including a pending ballot initiative (the California Privacy Rights and Enforcement Act of 2020 (CPREA)) and AB 1281, which extends employment and business-to-business exemptions. Here are some key takeaways of what companies need to know to navigate the ongoing changes, manage potential enforcement actions, and create an effective compliance program.

The CPREA will be included on the November 3 ballot. If it passes, the CPREA would amend the CCPA and allow consumers to opt out of a business’s use and disclosure of sensitive personal information, expand breach liability, allow consumers the right to have inaccurate personal information corrected, and extend employee and business-to-business exceptions.
The CPREA would create a new enforcement agency: the California Privacy Protection Agency, which would assume the California attorney general’s responsibility for interpreting and enforcing the CCPA/CPREA.
Despite industry efforts to postpone the July 1 enforcement deadline in light of the coronavirus (COVID-19) pandemic, the attorney general’s office maintained the deadline. Perfect CCPA compliance is challenging because the regulations are far-reaching and have only recently been finalized, but companies may take reasonable, practical steps to achieve CCPA compliance and mitigate the risks of an attorney general enforcement action or a civil lawsuit under the CCPA’s new private right of action for security breaches.

This presentation was originally part of the Data Privacy and Protection Boot Camp.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Morgan Lewis

Contact + Follow

Andrew Gray IV

+ Follow

W. Reece Hirsch

+ Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

California Consumer Privacy Act (CCPA)

+ Follow

Consumer Privacy Rights

+ Follow

CPREA

+ Follow

Cybersecurity

+ Follow

Data Collection

+ Follow

Data Management

+ Follow

Data Privacy

+ Follow

Data Protection

+ Follow

Information Governance

+ Follow

Personal Data

+ Follow

Personally Identifiable Information

+ Follow

State and Local Government

+ Follow

Communications & Media

+ Follow

Consumer Protection

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Morgan Lewis on:

Complying with Newly Finalized CCPA Regulations

Latest Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Morgan Lewis on:

"My best business intelligence, in one easy email…"