Privacy & Information Security Law Blog

As we previously reported, the California Consumer Privacy Act of 2018 (“CCPA”) delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first. The California Department of Justice anticipates publishing a Notice of Proposed Regulatory Action concerning the CCPA in Fall 2019.

The regulations aim to (1) establish procedures to facilitate consumers’ rights under the CCPA and (2) provide guidance to businesses regarding how to comply. As required under the CCPA, the regulations will address:

• the categories of personal information;
• the definition of unique identifiers;
• any exceptions necessary to comply with state or federal law, including, but not limited to, those relating to trade secrets and intellectual property rights;
• rules and procedures for (1) the submission of a consumer request to opt out of the sale of personal information pursuant to Section 1798.145(a)(1); (2) business compliance with a consumer’s opt-out request; and (3) the development and use of a recognizable and uniform opt-out logo or button by all businesses to promote consumer awareness of the opportunity to opt-out of the sale of personal information;
• adjusting the monetary threshold in Section 1798.140(c)(1)(A) in January of every odd-numbered year to reflect any increase in the Consumer Price Index;
• the establishment of rules, procedures and any exceptions necessary to ensure that the notices and information that businesses are required to provide are relayed in a manner that may be easily understood by the average consumer, are accessible to consumers with disabilities, and are available in the language primarily used to interact with the consumer; and
• the establishment of rules and procedures related to the verification of consumer requests.

Written comments may be submitted by email to privacyregulations@doj.ca.gov or by mail to the California Department of Justice, ATTN: Privacy Regulations Coordinator, 300 S. Spring St., Los Angeles, CA 90013. The deadline to submit written comments is March 8, 2019.