California’s Attorney General (AG) released its long-awaited proposed regulations for the California Consumer Privacy Act (CCPA), providing guidance on how to comply with the new privacy law. The CCPA, which was signed into law into law in June 2018, takes effect on January 1, 2020, and requires the AG to implement regulations by July 1, 2020.

The proposed regulations mainly provide procedural details, including process requirements regarding:

  • Notices to consumers, such as what must be included in the notice and when the notice must be provided;
  • Handling and processing consumer requests, such as requests to delete information;
  • Verification processes to ensure the request is received from the correct person; 
  • Requirements for company privacy policies; and
  • Handling special situations, such as if the consumer is a minor.

The AG is set to hold four public hearings on the issue in Sacramento, Los Angeles, San Francisco, and Fresno between December 2 and December 5. The AG also invites public comments on its proposed regulations, which are due by December 6. Instructions on where to send public comments can be found here.

This will be the second round of public hearings held by the AG regarding the CCPA. Earlier this year, the AG held several public forums to get input on the CCPA itself. Summaries of those forums can be found as follows:


insideARM Perspective

When California’s Governor signed the CCPA into law—less than a week after the bill was retrieved from an inactive file—companies raised a lot of concerns, primarily regarding the uncertainty of the new requirements due to vagueness in the statute. One major concern was the timeline—the CCPA goes into effect on January 1, 2020, but the AG has until July 1, 2020, to release its regulations governing the CCPA. The gap leaves companies in an odd place. 



Next Article: First Court in Ninth Circuit Footprint Finds ...