<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Could CCPA Enforcement Be Delayed?

As the proposed amendment California Privacy Rights Act (CPRA) teeters on the edge of uncertainty, so could the enforcement date for the California Consumer Privacy Act (CCPA). The California attorney general has previously stated that the enforcement date for the CCPA will begin July 1, 2020, leaving many businesses rushing to ensure they meet CCPA compliance to avoid potential fines. However, the attorney general's draft for the proposed enforcement regulation needs to be submitted to the state Office of Administrative Law (OAL) for review along with the State Administrative Procedures Act to enforce such regulations.

All Posts

CCPA Enforcement Deadline: What to Expect on July 1st

Signed into law on June 28, 2018, the California Consumer Privacy Act (CCPA) became effective on January 1, 2020. The next milestone will be on July 1, 2020, when the California Attorney General will begin enforcement for the CCPA.

Non-compliance can result in the maximum fine of $7,500 per violation. When you consider how many consumer records you hold, the potential fines could stack up quickly if you don't take CCPA seriously. We still don’t know exactly what enforcement will look like since we haven't yet approached July 1st, but the Attorney General has established a firm stance on compliance by stating,

"If they are not (operating properly) ...I will descend on them and make an example of them, to show that if you don't do it the right way, this is what is going to happen to you." - Attorney General Xavier Becerra

Since nothing like the CCPA has surfaced in the US before, no one knows for sure what enforcement will look like. However there are several indicators of the AG's intent on enforcing the CCPA. 

The AG has a complaint link posted for consumers:

Consumer Complaint Against A Business/Company

By setting up a mechanism (prior to July 1st) to empower consumers, this indicates the AG is serious about consumer rights and enforcement. This provides consumers with an easy way to post a complaint against a business.

If we look at what has happened with GDPR, what often drives enforcement is volume of complaints against a company and breaches which invites a complete review of that company. Large companies like Facebook and Google are obvious targets for the CCPA and are likely top of mind for the California AG, however that doesn't mean he will ignore all others in scope. 

“We will look kindly, given that we are an agency with limited resources, and we will look kindly on those that ... demonstrate an effort to comply,”
-Attorney General Xavier Becerra

So, what does this mean for you? The best thing you can do to prepare for enforcement is to do SOMETHING. A complete lack of effort for compliance will be obvious. We believe that some of the easiest elements to enforce will be:

 

  1. The "Do Not Sell My Personal Information" link
A clear and conspicuous link titled “Do Not Sell My Personal Information” on the home page and privacy policy.

Do Not Sell My Personal Information LinkThe Washington Post published a list of enterprise companies that have the links available on their sites, they also reference several other resources that provide the links as well. This indicates consumers are already looking for this link, and if they don't find it, it could lead to enforcement issues. 

2. Intake Method

If you are in scope of the CCPA, you should provide a way for consumers to exercise their data rights. Having some kind of intake method and a process for responding to those requests will be key for enforcement compliance.

Macy's Truyo Platform

3. Notices

 
You have an obligation to inform your consumers about the collection and use of any personal information under the CCPA. Ensuring you have the proper notices up is key to stave off compliance uncertainty. These notices must be conspicuous, understandable, and ADA compliant.
 
Once July 1st approaches, and we begin to see enforcement data, we'll have a better understanding of what enforcement looks like, but until then, the best thing you can do is to make a genuine effort toward compliance and be prepared to make adjustments as needed.
 
Need help with your CCPA enforcement readiness? We'd love to simplify the process. 

Request a demo of our privacy rights platform to learn how we can help you automate, organize and update your procedures to help meet compliance requirements under the CCPA, and future laws, one step at a time.

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

Could CCPA Enforcement Be Delayed?

As the proposed amendment California Privacy Rights Act (CPRA) teeters on the edge of uncertainty, so could the enforcement date for the California Co...

Truyo Introduces Nationwide Virtual Privacy Leaders Circle

Truyo adds a fresh perspective to virtual events, with the launch of the Privacy Leaders Circle. This new nationwide network will bring privacy decisi...

CCPA 2.0/CPRA (California Privacy Rights Act) – Teetering On the Edge

Despite missing the April 21, 2020 target date, the advocacy group, Californians for Consumer Privacy, is still moving forward with their attempt to q...

Did Mactaggart fail to submit signatures for the CPRA?

Did Mactaggart fail to submit signatures in time for the California Privacy Rights Act (“CPRA”) to be on the ballot for the November 3rd election? It ...