Technology

Data Analytics

Publications

CCPA Enforcement During COVID-19 Pandemic

March 25, 2020 Blog

The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 provided for a grace period to allow companies additional time to come into compliance with the new regulation.  That grace period ensured the California Attorney General’s office would not bring enforcement actions until six months after publication of the office’s regulations, or July 1, 2020, whichever came first. The AG’s office continues to revise its proposed regulations, including revisions as recent as March 11, 2020, so the grace period is still currently scheduled to end July 1, 2020.

In light of the new circumstances caused by the global coronavirus pandemic, dozens in the business community have urged California’s attorney general to delay any enforcement of the CCPA, arguing that the pandemic has complicated and inhibited these organizations’ efforts to implement changes and meet the Act’s obligations, which continue to shift as the AG’s office issues ongoing regulatory changes.  This chorus urging delay includes the California Chamber of Commerce, the Advanced Medical Technology Association, and UPS. They are asking that the enforcement deadline be postponed to January 2, 2021.

While the coalition advocates for a delay—noting that such a deferral would help to relieve the new additional pressures caused by responding to COVID-19 and “would better enable business leaders to make responsible decisions that prioritize the needs and health of their workforce over other matters”—there is no sign yet that the Attorney General’s office is inclined to delay enforcement. Indeed, it may now be even more important that businesses are mindful of data security during this pandemic. According to reports, the AG’s office has indicated that it has no plans to delay the enforcement deadline, and calling out “the new reality created by COVID-19 and the heightened value of protecting consumers' privacy online that comes with it.” Moreover, it indicated it might begin earlier than July 1. But given that the statute allows earlier enforcement only if such time occurs six months after publication of the final regulations (which have yet to be published), it is difficult to see how it could lawfully do so.

We will be watching for any formal response from the AG’s office on this matter.  In the meantime, best practice would suggest that businesses continue to act as though AG enforcement will go into effect July 1, 2020, while balancing the new demands the ever-changing coronavirus situation is placing on them.

Firm Highlights

Publication

Twists in the Plot: California AG Releases Final CCPA Regulations

With a little time to consider the  finalized California Consumer Privacy Act regulations  released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some...

Read More
Publication

Proposition 24: California’s Ever-Evolving Privacy Landscape

Next Tuesday is election day, and this year, California voters are deciding whether to support another statewide privacy initiative – the California Privacy Rights Act (CPRA) (Proposition 24).  This measure would expand on the...

Read More
Publication

PSDcast – Is Energy Companies' Customer Data a Trade Secret?

We often focus on the privacy issues involved in data collection – and they are critically important – while neglecting the idea of data as a tangible and valuable resource (and how to protect...

Read More
Publication

Electric Fence: Protecting Proprietary Rights in Collected Energy Data

Like companies in other industries, a growing number of modern energy-related companies are focusing their efforts on data collection and analysis. For example, Enphase – an energy technology company – regularly tracks data about how...

Read More
Publication

How Antitrust and Unfair Competition Laws Affect Platform Providers’ Relationships With ISVs, API Developers, and Scrapers

A wide variety of business and consumer platforms host mutually beneficial ecosystems. But these ecosystems are also fraught with antitrust risk that arises when platforms try to terminate or modify the terms of third-party...

Read More
Publication

Privacy During Bankruptcy Proceedings: Why It Matters

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to...

Read More
Publication

Top 10 Practical Business Implications Arising From the Passage of the CPRA

California’s Proposition 24 passed as expected, and the new California Privacy Rights Act will change the privacy landscape created by the California Consumer Protection Act (CCPA), which went into effect only months ago. While...

Read More
Publication

Three Steps Licensees Can Take to Protect Their IP Rights in Bankruptcy

During periods of widespread economic disruption such as the present, operating businesses must be able to identify and respond to threats to the financial health of their contracting counterparts in order to protect key...

Read More
Publication

Undergoing Bankruptcy Proceedings? Here’s How to Make Sure PII Maintains Its Value

Due to the COVID-19 pandemic, some businesses are considering potential liquidation or restructuring through bankruptcy. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings...

Read More
Publication

Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras...

Read More