Hallelujah, the attorney general’s implementation regulations for the California Consumer Privacy Act (CCPA) have been approved by the Office of Administrative Law (OAL).
I’ll let California AG Xavier Becerra tell you about the joyous news himself:
The final #CCPA regulations
▪️instruct businesses on how to comply with the CCPA
▪️provide tools to empower consumers to control who has their personal data and how its used
▪️and foster innovation.
— Xavier Becerra (@AGBecerra) August 14, 2020
The approved regulations take effect immediately.
For anyone who needs some weekend reading, apparently there were additional revisions made to the proposed regulations during the OAL’s review process, although the AG’s office neglected to explain or enumerate these changes in its announcement about the regs’ approval.
Although the CCPA itself went into effect on Jan. 1 and enforcement began on July 1, businesses have had to wait for the AG’s regs, which are meant to provide them with practical information they can use to operationalize and comply with the law.
It’s been an odyssey to arrive at this point. Between now and when the first draft dropped in October there have been seven public forums, an additional four public hearings, a 45-day comment period on Draft No. 1 and two subsequent 15-day comment periods on the drafts that followed.
Anyway, better late than never, and now everyone can just chill out and focus on CCPA compliance, right?
Not exactly. While CCPA compliance is de rigueur, another, even tougher proposal from Alastair Mactaggart, the man that brought you CCPA, is slated to appear on the Nov. 3 ballot in California. Meet the California Privacy Rights and Enforcement Act (CPRA).
If CPRA passes, it would become law on Jan. 1, 2023, enforceable on July 1 of that year and greatly expand data privacy rights for California residents.