Earlier today, the California Attorney General ended months of anticipation by releasing the text of his proposed California Consumer Privacy Act (CCPA) regulations. Comments on the proposed regulations are due by December 6, 2019, and the Attorney General’s office will hold public hearings on the regulations on December 2 (Sacramento), December 3 (Los Angeles), December 4 (San Francisco), and December 5 (Fresno).
The CCPA requires the Attorney General to issue regulations on a number of topics, and, from the moment the bill was first enacted, many commentators hoped that the regulations would provide important guidance on the challenging issues and ambiguities present in the hastily-drafted Act. Given this level of attention, it is thus unsurprising that the Attorney General only released his proposed regulations after a lengthy comment period during which he solicited views from affected parties and held numerous hearings all over the State.
As expected, the regulations address numerous topics of interest to businesses in the midst of CCPA compliance efforts, providing guidance on: what content must appear in privacy policies, how businesses should respond to data subject requests, what verification standards businesses should use, how to treat household requests, and many, many other key topics. While Data Matters will have a detailed analysis of these new regulations in coming days, we are putting out this post now to make sure privacy watchers are aware of this important development.