June 3, 2023

Volume XIII, Number 154


June 02, 2023

Subscribe to Latest Legal News and Analysis

June 01, 2023

Subscribe to Latest Legal News and Analysis

May 31, 2023

Subscribe to Latest Legal News and Analysis

Out Like a Lion: Revised CCPA Regulations and New Iowa Privacy Law

On March 29, 2023, the California Office of Administrative Law (OAL) approved the regulations implementing the California Consumer Privacy Act (CCPA). The regulations were approved by the California Privacy Protection Agency (CPPA) during its February 3rd meeting (see our report here) and filed with the OAL on February 14, 2023. The regulations are effective as of March 29, 2023. As soon as they are processed through the OAL, the CPPA will post the officially final regulations here.

The March 29th regulations are the first substantive regulations produced by the CPPA but are not complete. On February 10, 2023, the CPPA invited comments from the public on Cybersecurity Audits, Risk Assessments, and Automated Decision making as required by CCPA (Cal Civ Code § 1798.185(a)(15)-(16)). Comments were due on March 27. (See Privacy World’s discussion of these topics herehere and here.)

Meanwhile, on March 30th, the California Chamber of Commerce filed a lawsuit in Sacramento Superior Court against the CPPA and the California Attorney General. The CalChamber wants complete and final regulations and prohibitions on any civil or administrative CCPA enforcement until 12 months after regulations are adopted. The CalChamber asserts that California voters provided a one-year period for businesses to comply with CCPA, noting that the regulations approved on March 29th are an “incomplete set of regulations”. The CalChamber wants the court to order the CCPA to “adopt final regulations and abide by the timelines for enforcement that were approved by the voters.” No doubt businesses covered by CCPA would welcome the clarity of final regulations and assurance that CCPA enforcement will be delayed. Stay tuned for more on the next round of rule-making.

With much less hoopla, Iowa Governor Kim Reynolds signed Iowa’s comprehensive privacy law on March 28, 2023, noting that Iowa is the sixth US state to enact a general privacy law. Click here for our prior coverage on what we dubbed the Iowa Privacy Law, which goes into effect on January 1, 2025.

A busy end to March, indeed.

© Copyright 2023 Squire Patton Boggs (US) LLPNational Law Review, Volume XIII, Number 90

About this Author

Julia B. Jacobson New York Cybersecurity Attorney Squire Patton Boggs

Julia B. Jacobson is a Partner in Squire Patton Boggs' Data Privacy, Cybersecurity & Digital Assets Practice. For over 20 years, a world-class roster of national and multinational clients has turned to Julia for practical and tactical advice and counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives.

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists...

Kyle Dull Data Privacy & Cybersecurity Lawyer Squire Patton Boggs Miami Florida

A former assistant attorney general, Kyle has extensive experience investigating and litigating privacy and advertising law violations. He now draws on that experience to advise clients on their own data privacy, cybersecurity and advertising risks, and is regularly retained by corporations to defend and resolve enforcement actions.

Kyle has a solid understanding of domestic and international privacy laws and counsels digital media companies looking to protect their digital property and avoid potential legal issues by negotiating and drafting licensing, joint venture and data...

+1 305 577 2840
Alan L. Friel Data Privacy & Cybersecurity Attorney Squire Patton Boggs Los Angeles, CA

Alan Friel is the deputy chair of the firm’s Data Privacy & Cybersecurity Practice.

Alan is a thought leader in digital media, intellectual property, and privacy and consumer protection law, with three decades of relevant experience to address the intersection of law and technology.

Prior to joining the firm, Alan was a partner at a US law firm, where he led the US Consumer Privacy practice (in which he counseled clients on compliance with the California Consumer Privacy Act (CCPA) and other data privacy regimes), and the retail, restaurant and e-commerce industry...