California AG Announces CCPA Regulations are Final – And Effective Immediately
Monday, August 17, 2020
CCPA Regulations Going Into Effect
Print Mail Download i

California Attorney General Becerra announced Friday afternoon that the Office of Administrative Law (OAL) had approved the final CCPA regulations his office submitted to the OAL in June, and that the review process is complete.  This means that the CCPA Regulations go into effect immediately

According to AG Becerra’s announcement, “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy. These rules guide consumers and businesses alike on how to implement the California Consumer Privacy Act. As we face a pandemic of historic proportions, it is particularly critical to be mindful of personal data security.”

If you have been sitting on the sidelines “waiting for the final regulations,” now is the time to move CCPA compliance to the front burner.   Enforcement of the CCPA itself by the AG’s office began on July 1 (looking back to the January 1 effective date of the statute), but Friday’s announcement means that the regulations are in full force and effect as of now, with all the operational requirements.

Here are some things that you should be doing in light of the regulations:

  • Privacy Notice:   Review your website and data policies to ensure that they conform with the requirements set out in the CCPA regulations.  You must include the following notices:

    • Website privacy notice (prominently featured) with a comprehensive description of your business’ online and offline data collection, sale, and use purpose – including a full description of the rights of a California resident under the CCPA and how to exercise those rights

    • Point of collection notice:  You must have some notice at the point of collectionof information that describes why the information is being collected.   A static link to your privacy policy at the bottom of the website page is not sufficient under the CCPA regulations.

    • Notice of Right to Opt-Out of Sale:   If your business “sells” personal information in the context of CCPA, you must provide a notice of the right to opt-out in accordance with the regulations.

    • Notice of Financial Incentives:  If you offer financial incentives in exchange for personal information (and the regulations have examples), you must provide very specific notice regarding this financial incentive

  • Respond to Consumer Rights Requests:  Your business should already have an operational method in place to respond to consumer rights requests under the CCPA.  It’s essential that your process be in strict compliance with all the CCPA requirements because failures to implement an intake process and act promptly on such requests can lead to consumer complaints and AG investigations.   Your record of consumer requests and responses must be maintained and made available (on request) for 24 months. 

©1994-2024 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Current Legal Analysis

More from Mintz

HIPAA Privacy Protections for PHI related to Reproductive Health Care: The Final Rule and what Covered Entities and Business Associates need to Know
by: Cassandra L. Paolillo
DOL Releases Final Rule Substantially Increasing Minimum Salary Thresholds for Most Exempt Employees
by: H. Andrew Matzkin , Evan M. Piercey
Federal Circuit Affirms Obviousness of Rifaximin Polymorph Patents and Denial of Motion to Modify Judgment After Post-Trial Patented Indication Carve Out
by: Joseph D. Rutkowski , Peter J. Cuomo
In Split Vote, FTC Approves Controversial Final Rule Banning Most Post-Employment Non-Competes; Rule Already Subject to Challenge in Court
by: Talia R. Weseley , Danielle M. Bereznay
EU Imposes ESG Compliance Requirements for Companies' Supply Chains
by: Jacob H. Hupart
DOJ’s Criminal Division Announces Pilot Program on Voluntary Self-Disclosure for Individuals
by: Eoin P. Beirne , Nick A. LaPalme
CMS Publishes Final Rules Implementing Part C and Part D Program Changes
by: Tara E. Dwyer , Bridgette A. Keller
USPTO Issues Guidance on AI Use to Patent Professionals — AI: The Washington Report
by: Terri Shieh-Newton, PhD , Bruce D. Sokler
Some Harm is All it Takes – the Supreme Court Lowers the Bar for Title VII Discrimination Claims Involving Lateral Job Transfers
by: Paul M. Huston , Delaney M. Busch
Canada’s Federal Budget 2024: More Changes to the Stock Option Rules = More Headaches for Employers
by: Katy Pitch

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins