On June 1, 2020, the California AG submitted the final text of the proposed CCPA regulations to the Office of Administrative Law (OAL). There were no changes to the final text from the last CCPA Regulations the version released in March, which we previously summarized.

The OAL typically has 30 working days to review and approve submitted regulations. An executive order related to COVID-19 extends that review period an additional 60 days. Once approved by OAL, the final text is filed with the Secretary of State and becomes law. While that timeline would suggest that the regulations might not be effective until an October timeframe, the AG requested an expedited review to allow the regulations to become effective July 1. The AG has publicly said that it intends to enforce the law beginning July 1.

The final text also is accompanied by a revised Statement of Reasons that explains the basis for the regulations and outlines textual changes from the initial draft regulations published on October 11, 2019.

Putting it Into Practice: While it may be unclear the exact effective date of the CCPA regulations, companies are reminded that the statute already went into effect on January 1.  The AG has the authority to begin enforcing violations beginning July 1, 2020 and said “[b]usinesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”  Companies should keep in mind the laws’ requirements regarding notice and access, as well as the implications on data that might be viewed as being “sold” (as that term is expansively defined).