Skip to main content

Analysis of Attorney General Regulations to the California Consumer Privacy Act – A Series

The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA).  In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons  to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019.   According to the CA AG, it plans to publish the final set of CCPA regulations in the spring of 2020.   Under the CCPA, the CA AG must adopt final implementing regulations no later than July 1, 2020. 

The proposed regulations create many new requirements and operational challenges for businesses required to comply with the CCPA.  Although these are only “proposed regulations” and not final, businesses should take this time period to adopt the necessary processes based on these draft regulations.

Our five-part series will analyze in detail the various important “clarifications” and operational requirements in key areas:

  • Part 1:  Notices to Consumers
  • Part 2:  Business Practices for Handling Consumer Requests
  • Part 3:  Verification of Requests
  • Part 4:  Special Rules Regarding Minors
  • Part 5:  Non-Discrimination

Tomorrow, our first installment will drill down on the new requirements outlined in Article 2 of the proposed regulations that will relate to all notices to be provided to consumers.  Businesses will need to pay close attention to revisions of privacy policies and other notices.

And don’t forget to register for our upcoming webinar on October 22, 2019:  California Consumer Privacy Act for Employers:  What Now? 

All the Mintz Privacy & Cybersecurity team CCPA content, including recordings of our past webinars, can be found in our CCPA Toolkit.

Subscribe To Viewpoints


Christopher J. Buontempo is a Mintz corporate attorney and a Certified Information Privacy Professional (CIPP). He has significant experience handling issues relating to technology, data privacy and security, brand protection, contract negotiation, licensing, and product development.

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.