Skip to main content

BREAKING NEWS – California AG Becerra Seeks Expedited Review of CCPA Regulations

The California AG’s office has dropped the long-awaited final CCPA Regulations, and requested expedited review from the Office of Administrative Law.    If this request is granted, the regulations will be effective by July 1.

The text of the AG’s request is below:



The California Consumer Privacy Act (CCPA) was enacted in 2018 and took effect on January 1,

2020. The California Consumer Privacy Act requires the Attorney General to adopt initial

regulations by July 1, 2020.


To prepare the proposed regulations, the Attorney General’s Office held seven preliminary

rulemaking statewide events, met with numerous stakeholder organizations, consulted with

experts, conducted four public hearings, and reviewed over 300 written comment letters. The

Notice of Proposed Rulemaking Action was published on October 11, 2019, and in an effort to

expedite final regulations, the Attorney General is submitting its rulemaking package four

months prior to the one-year deadline under the Administrative Procedure Act, codified at

Government Code section 11346.4, subdivision (b). Once final regulations are adopted, the

Attorney General will enforce the regulations that establish procedures to facilitate new

consumer rights under the CCPA and provide guidance to businesses for how to comply.


The Attorney General’s Office requests expedited review and that these regulations become

effective upon filing with the Secretary of State. While the Attorney General is mindful of the

challenges imposed by COVID-19 and Governor Newsom’s Executive Order N-40-20 granting

additional time to finalize proposed regulations, the Attorney General respectfully requests that

the Office of Administrative Law complete its review within 30 business days, given the

statutory mandate for regulations.


We will have an analysis of the final regulations against the last version published in March.  Watch this space.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.