CCPA regulations

Clarifying the $25 Million Threshold in the Final CCPA Regulations

September 21, 2020 by David Klein

On August 14, 2020, the Office of Administrative Law (“OAL”) approved the California Department of Justice’s final California Consumer Privacy Act (“CCPA”) regulations and filed them with the California Secretary of State. Prior to approval, some businesses were uncertain as to whether the $25 million revenue threshold was related to revenue generated only from California State sales, California residents, or total global revenues. The California Attorney General’s Office has since clarified that limiting the threshold to revenue generated only in California or from California State residents would be inconsistent with the intended broad reach of the CCPA regulations.

What businesses are regulated by CCPA Regulations?

[Read More]

CCPA 2.0 on California’s November Ballot

August 6, 2020 by David Klein

Although it feels just like yesterday that the California Consumer Privacy Act (“CCPA”) went into effect (it was January 1, 2020), California may be at it again. After securing 931,000 signatures from California State residents, the privacy-right activist group, Californians for Consumer Privacy, has qualified yet another privacy bill for the November 3, 2020 ballot. The California Privacy Rights Act (“CPRA”), which some are calling CCPA 2.0, would expand the privacy rights of Californians with enforcement set to begin on January 1, 2023.

What is CCPA 2.0?

[Read More]

CCPA Enforcement has Begun

July 22, 2020 by David Klein

Although the California Consumer Privacy Act (“CCPA”) went into effect on January 1, 2020, the California Attorney General (“AG”) was prohibited from bringing enforcement actions until July 1, 2020. Due to the COVID-19 pandemic, some observers were unsure whether the AG would be able to meet the July 1^st deadline. However, the AG is moving full speed ahead and has even denied businesses’ requests to delay the CCPA enforcement date due to COVID-19. Now, the AG has commenced enforcement action as planned, and businesses have already started to receive CCPA violation notices.

What should you do if you receive a CCPA violation notice?

[Read More]

Final CCPA Regulations Released

June 5, 2020 by David Klein

On June 1, 2020, the California Attorney General’s Office submitted the final text of California Consumer Privacy Act (“CCPA”) regulations to the Office of Administrative Law (“OAL”) for review. Typically, OAL has thirty (30) working days to determine whether regulations under its review satisfy the procedural requirements of the Administrative Procedure Act. The California State Attorney General has requested that OAL expedite its review and make the CCPA regulations effective on the same day that they are filed with the Secretary of State. It is uncertain at this time whether OAL will comply with the California State Attorney General’s request and enact the final CCPA regulations by the July 1, 2020 enforcement date.

When will the final CCPA Regulations take effect?

[Read More]

Preparing CCPA Privacy Policies Before the July 1 Enforcement Date

May 20, 2020 by David Klein

Despite the myriad issues that businesses now face with the Covid-19 pandemic, the California State Attorney General remains committed to the California Consumer Privacy Act (“CCPA”) enforcement date of July 1, 2020. As such, businesses that have not already done so should add CCPA compliance to their immediate to-do lists. One area of compliance that requires attention is online privacy policies that include CCPA-mandated provisions (“CCPA Privacy Policies”). Since the proposed CCPA regulations were first released to the public on October 11, 2019, the California State Attorney General’s Office has released two (2) modifications thereto. Those modifications have, in turn, necessitated changes to companies’ CCPA Privacy Policies. Businesses must, among other things, update their online privacy policies to ensure that they include CCPA-required disclosures and the associated menu of consumer options.

What is required of CCPA Privacy Policies?

[Read More]

CCPA Record Keeping Requirements

April 23, 2020 by David Klein

Despite the ongoing Covid-19 pandemic, the California Consumer Privacy Act (“CCPA”) enforcement date remains set at July 1, 2020. Readers of this blog know that we have been providing frequent updates on all things CCPA. In this post, we take a deep dive into the record keeping requirements contained in the CCPA.

What are the CCPA record keeping requirements?

[Read More]

CCPA Enforcement Date Remains July 1, 2020

March 31, 2020 by David Klein

The novel coronavirus (“COVID-19”) pandemic has required businesses to adapt to unforeseen disruptions. However, one thing that has remained constant is the California Consumer Privacy Act (“CCPA”) enforcement date of July 1, 2020. Earlier this month, a coalition of approximately 60 businesses sent a letter to California Attorney General Xavier Becerra asking that the CCPA enforcement date be delayed until January 2, 2021 because of ongoing health and economic worries created by COVID-19. Civil Code Section 1798.85(c) states that “the Attorney General shall not bring an enforcement action under this title until six months after the publication of the final regulations issued pursuant to this section or July 1, 2020, whichever is sooner.” In an email to Forbes magazine, an advisor for the California Attorney General’s Office said that they are “committed to enforcing the law upon finalizing the rules or July 1, whichever comes first,” and “encourage[d] businesses to be particularly mindful of data security in this time of emergency.” Consequently, because the final regulations have not been published, July 1, 2020 remains the CCPA enforcement date. Given the foregoing, businesses working to weather the damage caused by COVID-19 also need to be mindful of their compliance obligations under the CCPA.

What are the CCPA Enforcement Measures?

[Read More]

CCPA Regulations Revised, Again

March 20, 2020 by David Klein

Recently, the California Consumer Privacy Act (“CCPA”) regulations were modified by the California Attorney General for a second time. These modifications are an attempt to address issues raised by approximately one hundred comments that followed the release of the Modified Draft Regulations on February 7, 2020. The California Attorney General is accepting written comments on the latest modifications until March 27, 2020. All of these measures are being taken to ensure that businesses have a clear understanding of what the CCPA regulations require before the enforcement date of July 1, 2020.

What are the most recent modifications to the CCPA regulations?

[Read More]