For those of you who have been wondering when the California Consumer Privacy Act regulations (which California Attorney General Xavier Becerra submitted to the Office of Administrative Law back in June) would be approved, you now have your answer:
The regulations (which can be found here) were approved and went into immediate effect on August 14, 2020.
While the CCPA’s formal enforcement date actually began on July 1st, approval and implementation of the finalized regulations now means that the California AG can bring enforcement actions against companies they’ve deemed to be in violation of the CCPA.
As an e-commerce attorney who has been working with startups and more established companies on their online terms of service, privacy policies, and other disclosures to conform to CCPA’s requirements, I can say that the regulations have been helpful in many aspects, although as with any piece of “new” legislation (particularly one as hastily slapped together as CCPA), questions and concerns abound. I suspect that these uncertainties will be eventually addressed by California’s legislature and, until that happens, will be left to the courts to work through.
As each violation of CCPA may subject a business to injunction and civil penalties of between $2,500 and $7,500 (depending on whether or not the California AG can demonstrate whether such violation was “intentional” [See Civ. Code § 1798.155), companies that qualify as a “business” that collects, shares, transfers, or sells personal information of a California “consumer” under Civ. Code § 1798.140 should carefully review their current privacy practices to ensure compliance with both the statute and the final regulations.
Ben Bhandhusavee is the Managing Attorney for BHANDLAW, PLLC, a Phoenix business and technology law firm working with start-up companies, creative intellectual property, Internet and digital media matters, and complex corporate M&A and technology transactions. Ben can be reached at (602) 222-5542 or by e-mail at firstname.lastname@example.org