eDiscovery Daily Blog

Parties Are Battling Over Whether COVID-19 Should Delay CCPA Enforcement: Data Privacy Trends

With so many other initiatives being delayed because of the coronavirus pandemic, it was only a matter of time before compliance with the California Consumer Privacy Act (CCPA) was one of those being considered. However, despite several organizations pushing for enforcement of CCPA to be pushed back six months to January 1 of next year, other organizations are resisting any delay by the state.

According to LAW360 (COVID-19 Fuels Heated Fight Over CCPA Enforcement Timing, written by Allison Grande), the California attorney general’s office has said it has no intention to cave to mounting pressure from businesses (including the California Chamber of Commerce, UPS, the Internet Coalition, the Association of National Advertisers and 30 others) to delay enforcement of the California Consumer Privacy Act until early next year.  However, calls for such a pause are only likely to intensify in the coming months as the novel coronavirus forces companies to reevaluate their priorities and stretches IT departments thin, attorneys said.

“Companies understandably need to focus now almost singularly on the health and safety of their employees and consumers and on business continuity,” said BakerHostetler partner Alan Friel, whose firm filed comments with the attorney general on March 16 arguing for the planned July 1 enforcement deadline to be extended by six months.

“Just as tax return and payment obligations have been pushed back to allow time and resources to be directed to COVID-19 response, so should the CCPA enforcement date,” Friel said.

That stance has faced resistance from advocacy groups such as Consumer Reports, which has urged the state to stay the course in order to ensure that the CCPA’s robust consumer protections are being properly implemented during these unprecedented times.

The Electronic Privacy Information Center has also opposed the bid to delay enforcement, with its president, Marc Rotenberg, telling Law360 that he was “very disappointed” to see the business community attempting “to use a public health crisis as a reason to delay implementation” of the law.

“That is both reckless and irresponsible,” he said.

However, even if the California Chamber of Commerce, UPS, the Association of National Advertisers and others are successful in their bid to secure a delay or even a formal assurance that the state will go easy on enforcement, companies can’t just write off their obligations to adhere to the law, which took effect Jan. 1, or to implement regulations that the attorney general is still drafting.

While Attorney General Xavier Becerra isn’t allowed to begin bringing enforcement actions until July, nothing prevents the regulator from coming down on companies for conduct that dates back to the law’s Jan. 1 effective date, and the attorney general has already said he intends to hold businesses accountable for their actions across CCPA’s entire lifespan.  Of course, business groups, in both their latest letter and a separate January correspondence seeking a similar enforcement delay, have also urged the attorney general to take into account that the regulations meant to help guide companies’ implementation of the novel law haven’t been finished.  So, as usual, the CCPA situation is clear as mud.

By the way, LAW360 is offering free coronavirus legal news during the pandemic, including this resource that enables you to see the latest with regard to the affect of the pandemic on Federal and State courts.  Simply hover your cursor over the state (or territory) to see an update for that selection.  Postponements of dockets are pretty much universal all over – the only question is for how long.

So, what do you think?  Should organizations be responsible for compliance with CCPA during the pandemic, especially given that the California AG hasn’t finished the regulations yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.