Insights
Publications

CCPA Enforcement During COVID-19 Pandemic

March 25, 2020 Blog

The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 provided for a grace period to allow companies additional time to come into compliance with the new regulation.  That grace period ensured the California Attorney General’s office would not bring enforcement actions until six months after publication of the office’s regulations, or July 1, 2020, whichever came first. The AG’s office continues to revise its proposed regulations, including revisions as recent as March 11, 2020, so the grace period is still currently scheduled to end July 1, 2020.

In light of the new circumstances caused by the global coronavirus pandemic, dozens in the business community have urged California’s attorney general to delay any enforcement of the CCPA, arguing that the pandemic has complicated and inhibited these organizations’ efforts to implement changes and meet the Act’s obligations, which continue to shift as the AG’s office issues ongoing regulatory changes.  This chorus urging delay includes the California Chamber of Commerce, the Advanced Medical Technology Association, and UPS. They are asking that the enforcement deadline be postponed to January 2, 2021.

While the coalition advocates for a delay—noting that such a deferral would help to relieve the new additional pressures caused by responding to COVID-19 and “would better enable business leaders to make responsible decisions that prioritize the needs and health of their workforce over other matters”—there is no sign yet that the Attorney General’s office is inclined to delay enforcement. Indeed, it may now be even more important that businesses are mindful of data security during this pandemic. According to reports, the AG’s office has indicated that it has no plans to delay the enforcement deadline, and calling out “the new reality created by COVID-19 and the heightened value of protecting consumers' privacy online that comes with it.” Moreover, it indicated it might begin earlier than July 1. But given that the statute allows earlier enforcement only if such time occurs six months after publication of the final regulations (which have yet to be published), it is difficult to see how it could lawfully do so.

We will be watching for any formal response from the AG’s office on this matter.  In the meantime, best practice would suggest that businesses continue to act as though AG enforcement will go into effect July 1, 2020, while balancing the new demands the ever-changing coronavirus situation is placing on them.

Firm Highlights

Publication

Zoom & Schools: New Privacy Issues Arise

As school districts increasingly rely on Zoom to facilitate online classes, and in many cases are expressly directing students to download and use the app, it implicates new legal concerns for the company. State...

Read More
News

GDPR in 2020: What You Need to Know

In the article "GDPR in 2020: What You Need to Know," Nate Garhart discussed the newly clarified guidelines for extraterritorial application of GDPR. Read the full article on Toolbox , here .

Read More
Publication

What California’s New Security Law Means to Your Business

Commonsense IoT security steps that startups and small business should consider to comply with California’s new law California recently enacted a new law, Senate Bill 327, that requires companies that make Internet of Things...

Read More
Publication

Is your company covered by California's new privacy law?

Privacy image
Read More
Publication

Trademark Office Deadlines and Coronavirus-Related Delays

With all of the business interruption caused by the COVID-19 pandemic, many worldwide trademark offices have taken steps to recognize the issues caused by the crisis. The offices in which applicants from the U.S...

Read More
Publication

Going it Alone: How to Manage Cybercrime Response With Less Government Help

By: Jessica K. Nall, Chair, White Collar Defense and Corporate Investigations practice and Aviva J. Gilbert, Senior Associate, White Collar Defense and Corporate Investigations practice, Farella Braun + Martel [1] Several years ago when...

Read More
Publication

Public Ends From Private Means: Privacy Rights and Benevolent Use of Personal Data

With the explosion of COVID-19 cases worldwide, companies and governments have expanded their interest in the use of the vast stores of consumer data. Even where such collection and use of personal data is ostensibly...

Read More
Publication

Force Majeure and Contractual Non-Performance During the Coronavirus Pandemic

Never in the experience of most of us has an event so thoroughly interrupted business as usual as the coronavirus (COVID-19) pandemic. Everywhere, contract parties facing severe stress in their businesses are reassessing their contractual...

Read More
Publication

New CCPA Lawsuit Against Zoom: Issues to Watch

As large portions of society become subject to coronavirus-related quarantines, increasing numbers of people have turned to web-based communications platforms for classes, meetings, events, and socialization. One such platform, Zoom, has become, in some...

Read More
Publication

Data Scraping Under the Revised CCPA Regulations

On March 11, 2020, California Attorney General Xavier Barrera released a second revision to the draft California Consumer Privacy Act (CCPA) regulations . The new draft contains a number of important changes to the...

Read More