On October 10, 2019, the California Attorney General (California AG) issued the long-awaited
California Consumer Privacy Act (CCPA) Regulations (Proposed Regulations), along with an Initial Statement of Reasons (ISOR) explaining the Proposed Regulations. These Proposed Regulations not only fill in statutory gaps, but also create several substantive new requirements. Companies may submit comments through December 6, 2019, and several public hearings will be held in the first week of December. Our Data Privacy & Cybersecurity Practice can assist you in drafting comments to the California AG during this public comment period.

Although we are highlighting key points from our initial review of the Proposed Regulations and the ISOR, these materials are complex and will be subject to continued review by, and further guidance from, our team of experts. The final regulations that are adopted following the comment period may differ from the Proposed Regulations. As we will not have the final regulations until close to or after the effective date of January 1, 2020, we are recommending that our clients take steps now toward developing consumer-facing documents, as well as internal policies and procedures, that reasonably comply with the Proposed Regulations pending the final outcome of the rulemaking process.

What Is Addressed by the Proposed Regulations?

The Proposed Regulations focus on privacy notice mechanics and details; requirements for evaluating and responding to individual rights requests; and other miscellaneous issues. The Proposed Regulations do not, however, clarify exemptions, applicability thresholds or the meaning of “sale” under the CCPA. Notably, the California AG considered and rejected the concept of a “GDPR safe harbor” because the two laws have too many differences.

Click here to read the full article