Skip to main content

Analysis of Attorney General Regulations to the California Consumer Privacy Act – A Series

The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA).  In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons  to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019.   According to the CA AG, it plans to publish the final set of CCPA regulations in the spring of 2020.   Under the CCPA, the CA AG must adopt final implementing regulations no later than July 1, 2020. 

The proposed regulations create many new requirements and operational challenges for businesses required to comply with the CCPA.  Although these are only “proposed regulations” and not final, businesses should take this time period to adopt the necessary processes based on these draft regulations.

Our five-part series will analyze in detail the various important “clarifications” and operational requirements in key areas:

  • Part 1:  Notices to Consumers
  • Part 2:  Business Practices for Handling Consumer Requests
  • Part 3:  Verification of Requests
  • Part 4:  Special Rules Regarding Minors
  • Part 5:  Non-Discrimination

Tomorrow, our first installment will drill down on the new requirements outlined in Article 2 of the proposed regulations that will relate to all notices to be provided to consumers.  Businesses will need to pay close attention to revisions of privacy policies and other notices.

And don’t forget to register for our upcoming webinar on October 22, 2019:  California Consumer Privacy Act for Employers:  What Now? 

All the Mintz Privacy & Cybersecurity team CCPA content, including recordings of our past webinars, can be found in our CCPA Toolkit.

Subscribe To Viewpoints

Authors

Christopher J. Buontempo is a Mintz corporate attorney and a Certified Information Privacy Professional (CIPP). He has significant experience handling issues relating to technology, data privacy and security, brand protection, contract negotiation, licensing, and product development.

Brian H. Lam

Associate

Brian H. Lam  is an attorney in Mintz’s Privacy & Security Practice and Technology Transactions Practice. Brian provides practical advice on the collection, use, storage, transfer, and potential loss of data. He negotiates complex data-centric information technology agreements.

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.
Natalie A. Prescott is a Mintz attorney and Certified Information Privacy Professional. She defends clients in high-stakes product liability matters, UCL § 17200 and false advertising cases, mass torts, and consumer class actions. Natalie also handles MDL proceedings and product liability litigation.

Elana R. Safner

Associate

Elana R. Safner is an attorney who advises Mintz clients on public policy, regulatory issues, and disputes affecting the communications sector. Elana also handles privacy and cybersecurity matters. She has CIPP certification from the International Association of Privacy Professionals.