September 20, 2020

Volume X, Number 264

What Will Come First: Pending CCPA Amendment Could Clarify Key Exemptions

With the current limited exemptions under CCPA for employment and business-to-business related information set to expire January 1, 2021, there is uncertainty over when businesses should prepare to extend CCPA compliance efforts to this type of information. However, a pending amendment in the California Senate and/or the impending CPRA ballot initiative in November may bring clarity to the issue.

Assembly Bill 1281 (AB 1281), a bill amended in late June, would extend the CCPA exemptions until January 1, 2022. However, this bill would take effect only if it is enacted and the California Privacy Rights Act of 2020 (CPRA) is not approved in the statewide general election on November 3. CPRA would extend the exemptions to January 1, 2023. In sum, companies have three different potential outcomes to prepare for with respect to the employment and business-to-business related information exemptions:

  • If neither AB 1281 nor the CPRA is approved, then the exemptions will expire on January 1, 2021.

  • If AB 1281 is passed and the CPRA is not approved, the exemptions will expire on January 1, 2022.

  • Notwithstanding AB 1281, if the CPRA is approved, then the exemptions will expire on January 1, 2023.

AB 1281 is scheduled to be heard before the Judiciary Committee on August 12. In California, both houses have until August 31 to pass bills. September 30 is the last day for Governor Newsom to sign or veto bills.

Putting it Into Practice. If AB 1281 is enacted, businesses will at least know they have until January 1, 2022 for the exemption to apply. We will continue to monitor the status of AB 1281 because if it is not enacted, the CPRA will become even more important to businesses deciding when they must extend their CCPA compliance program to other types of information.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume X, Number 220


About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also works on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.”

She is known as an industry leader in the privacy and data security space and is consistently recognized by Leading Lawyers Network, Chambers and The Legal 500, and leading publications and organizations for her work in this area of law. Liisa was recently recognized as the 2017 Data Protection Lawyer of the Year - USA by Global 100, the 2017 U.S. Data Protection Lawyer of the Year by Finance Monthly, and the “Best in Data Security Law Services” at Corporate LiveWire’s 2017 Global Awards.


Craig Cardon serves as Co-chair of Sheppard Mullin’s Privacy & Data Security Group and as the International Liaison for the firm’s China offices. Craig is a partner in the Entertainment, Technology and Advertising and the Intellectual Property Groups in Sheppard Mullin's San Francisco and Century City offices.

Areas of Practice

Craig enjoys a broad advertising, privacy and ecommerce focused practice. He primarily represents brands, retailers, ad agencies, ad networks and other businesses involved in...

Rachel Hudson, Lawyer, Sheppard Mullin, Intellectual Property Practice Group

Rachel Tarko Hudson is an associate in the Intellectual Property Practice Group in the firm's San Francisco office.

Areas of Practice

Rachel advises clients in the retail, technology, media, and other industries in online and mobile e-commerce transactions and vendor agreements, intellectual property licensing, commercial and development agreements, and other transactional matters. She assists clients in complying with domestic and international privacy laws, clearing advertising campaigns, conducting contests and sweepstakes promotional initiatives, and...