Final CCPA Regulations Progress to Administrative Review

On June 2, the Office of the California Attorney General (OAG) announced that it had submitted the Final Text of the Proposed Regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL) for approval. In addition to the Final Text of the Proposed Regulations, the OAG also submitted, among other materials, (i) the Final Statement of Reasons, which set forth the OAG’s bases for the necessity of the proposed regulations, and (ii) the public comments received by the OAG during each of the three comment periods held for the draft regulations and the OAG’s responses. The OAG designation of the Final Text of the Proposed Regulations means there will be no additional opportunities for public comment. 

Although typically the OAL has 30 business days from the date of submission to review and finalize proposed regulations to ensure compliance with the Administrative Procedure Act, in early March Governor Newsom issued Executive Order N-40-20 extending such review period by an additional 60 calendar days because of the COVID-19 pandemic. In a separate Written Justification for Earlier Effective Date and Request for Expedited Review letter to the OAL, the OAG requested expedited review of the regulations–specifically requesting that the OAL complete its review of the proposed regulations within 30 business days despite the Governor’s extension. The OAG also requested that the regulations become effective on the same day they are filed with the California Secretary of State. Once approved by the OAL, the Final Text of the Proposed Regulations will be filed with the California Secretary of State and, if the OAL complies with the OAG’s requests, will become enforceable in mid-July.

The OAG Points to the Importance of Data Privacy Now and in the Post-Pandemic World

In a press release issued by the OAG on Tuesday, Attorney General Becerra was quoted as saying: “As our lives increasingly move online, our data privacy becomes more important than ever. The California Consumer Privacy Act, which gives consumers choice and control over personal information in the marketplace, is game-changing and historic. … Our regulations provide businesses and individuals with guidance on how to protect that choice and boost transparency, while continuing to unleash innovation. Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”

We are closely monitoring further developments on the CCPA and the final regulations, so please check back for further updates. 

To see our prior alerts and other material related to the pandemic, please visit the Coronavirus/COVID-19: Facts, Insights & Resources page of our website by clicking here. 

About Us
In today’s digital world, where data has become a key asset for conducting business, companies continue to face greater privacy and cybersecurity challenges. At Lowenstein Sandler, our Privacy & Cybersecurity team helps clients navigate the rapidly evolving, increasingly complex privacy and security law landscape in the United States, the EU, and around the world. We deliver innovative privacy and security solutions that meet our clients’ critical business needs including the commercialization of data assets in a legally compliant manner. Our targeted counsel is relevant to companies across diverse industry sectors, and public and private companies from start-ups to global enterprises.