Insights
Publications

CCPA Enforcement During COVID-19 Pandemic

March 25, 2020 Blog

The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 provided for a grace period to allow companies additional time to come into compliance with the new regulation.  That grace period ensured the California Attorney General’s office would not bring enforcement actions until six months after publication of the office’s regulations, or July 1, 2020, whichever came first. The AG’s office continues to revise its proposed regulations, including revisions as recent as March 11, 2020, so the grace period is still currently scheduled to end July 1, 2020.

In light of the new circumstances caused by the global coronavirus pandemic, dozens in the business community have urged California’s attorney general to delay any enforcement of the CCPA, arguing that the pandemic has complicated and inhibited these organizations’ efforts to implement changes and meet the Act’s obligations, which continue to shift as the AG’s office issues ongoing regulatory changes.  This chorus urging delay includes the California Chamber of Commerce, the Advanced Medical Technology Association, and UPS. They are asking that the enforcement deadline be postponed to January 2, 2021.

While the coalition advocates for a delay—noting that such a deferral would help to relieve the new additional pressures caused by responding to COVID-19 and “would better enable business leaders to make responsible decisions that prioritize the needs and health of their workforce over other matters”—there is no sign yet that the Attorney General’s office is inclined to delay enforcement. Indeed, it may now be even more important that businesses are mindful of data security during this pandemic. According to reports, the AG’s office has indicated that it has no plans to delay the enforcement deadline, and calling out “the new reality created by COVID-19 and the heightened value of protecting consumers' privacy online that comes with it.” Moreover, it indicated it might begin earlier than July 1. But given that the statute allows earlier enforcement only if such time occurs six months after publication of the final regulations (which have yet to be published), it is difficult to see how it could lawfully do so.

We will be watching for any formal response from the AG’s office on this matter.  In the meantime, best practice would suggest that businesses continue to act as though AG enforcement will go into effect July 1, 2020, while balancing the new demands the ever-changing coronavirus situation is placing on them.

Firm Highlights

Publication

Federal “COVID-19 Consumer Data Protection Act” Proposed

A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis...

Read More
Publication

A Roadmap to Litigating Privacy Claims? A Look at a Recent Order From the Google Assistant Privacy Litigation

As privacy-related litigation continues to heat up, Judge Beth Freeman (ND Cal.) recently laid out in In re Google Assistant Privacy Litigation (Case No. 19-cv-04286) [1] a potential roadmap for surviving or winning a...

Read More
Publication

Signatures Submitted for Inclusion of New California Privacy Law on November Ballot

Californians for Consumer Privacy has announced that it has secured and submitted enough signatures to qualify its California Privacy Rights Act (“CPRA”) for inclusion on California’s November 2020 ballot. Alistair Mactaggart, the architect behind...

Read More
Publication

Senate Democrats Release Competing COVID-19 Privacy Bill

Democratic Senators Richard Blumenthal and Mark Warner have introduced the  Public Health Emergency Privacy Act  in response to  the bill of the same subject released by Senate Republicans  (the  COVID-19 Consumer Data Protection Act...

Read More
News

GDPR in 2020: What You Need to Know

In the article "GDPR in 2020: What You Need to Know," Nate Garhart discussed the newly clarified guidelines for extraterritorial application of GDPR. Read the full article on Toolbox , here .

Read More
Publication

Reopening Plans and Recommended Protocols Beg New Privacy Issues

While far from getting us back to any kind of normal that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously closed “nonessential” businesses are returning to operations. With...

Read More
Publication

Trademark Office Deadlines and Coronavirus-Related Delays (Updated)

With all of the business interruption caused by the COVID-19 pandemic, many worldwide trademark offices have taken steps to recognize the issues caused by the crisis. The offices in which applicants from the U.S...

Read More
Publication

Reopening Businesses Must Consider Employee and Consumer Privacy

While we’re far from returning to the “normal” that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously “nonessential” businesses are returning to operations. Along with these openings, governmental...

Read More
Publication

Zoom Successfully Addresses New York’s Privacy and Security Concerns

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom , as it becomes a significant part of American daily life during the COVID-19 pandemic. ...

Read More
News

In Novel Case, Insurer Sues Own Law Firm After Data Breach

Tyler Gerking was quoted in the Law360 article "In Novel Case, Insurer Sues Own Law Firm After Data Breach." In the article Tyler said, "This case shows some of the hazards that all companies face...

Read More