What a difference a year can make, especially this past one! Back in February 2020, I wrote about some of the anticipated effects implementation of California’s Consumer Privacy Act (CCPA) would have on digital marketers and brand compliance teams. As with just about all other aspects of our lives, COVID-19 ended up having a major impact on the implementation and enforcement timelines of CCPA. Here’s a short update on where things stand as of June 2021.
Throughout 2020, California’s Attorney General opted to decline enforcement of CCPA, and in September, the state legislature passed a bill extending the start date to January 1, 2022, when businesses will need to comply with the majority of CCPA requirements. Currently, businesses still need to comply with CCPA’s notice-at-the-time-of-collection requirement and are still subject to the CCPA’s data breach provision, but for now the majority of the law’s onerous obligations do not need to be addressed by your marketing, operations and compliance teams.
To get a head start on your 2022 planning, read through our previous article on CCPA, which highlights the primary obligations that marketing, operations and compliance teams need to be aware of with regards to CCPA compliance.
Since our initial article post, one substantial provision change to the bill was the number of California-based consumers a business collects personal information on to trigger the requirement to compile and publish metrics on the number of CCPA requests they receive and comply with annually. The updated threshold has changed from 4 million to 10 million consumers based in California, which should give some small comfort to all but the very largest of companies who will still need to comply with the provision.
Finally, if you’re a glutton for punishment (or a legal nerd who loves this stuff!), you can read the full text of the bill here.