The California Consumer Privacy Act imposes many new requirements and includes specific guidance on consumer rights.
As we noted in our initial post, on October 1, 2019, the California Attorney General’s office (“CAG”) issued proposed regulations to the California Consumer Protection Act (“CCPA”), which are intended to “establish procedures to facilitate consumers’ new rights...and provide guidance to businesses for how to comply.” See Ch. 20. California Consumer Privacy Act Regulations – Proposed Regulations 999.300 et seq.; full text available here. The proposed regulations impose many new requirements on businesses required to comply with the CCPA, and include specific guidance on each of the “rights” identified in the CCPA (i.e., right to: know, opt out, delete, and equal treatment), including, inter alia, that businesses must:
The comment period for the proposed regulations ended on December 6, and material changes to the regulations are not expected. Once the proposed regulations are implemented on July 1, 2020, the CAG can initiate enforcement actions and consumers can initiate a private right of action against noncompliant businesses.
In our final installment on the lead-up to the implementation of the CCPA we will provide some practical guidance with respect to how business subject to the CCPA can ready themselves for CCPA compliance.