On Friday, the Sacramento Superior Court issued a ruling delaying the enforcement of recently enacted California Privacy Rights Act regulations until March 2024. The CPRA, which amended the California Consumer Privacy Act, directs the California Privacy Protection Agency to promulgate regulations that further explain and detail the requirements of the CPRA. The agency was supposed to issue regulations by July 1, 2022, with an enforcement date of July 1, 2023. However, the agency did not issue those regulations until March 24, 2023.
Immediately after the regulations were issued, the California Chamber of Commerce filed a lawsuit requesting that enforcement be delayed by one year to provide sufficient time for businesses to come into compliance. The court entered its ruling on Friday, one day before the regulations were scheduled to take effect. In its ruling, the court agreed with the Chamber that the CCPA, as amended, intended for businesses to have a full 12 months to come into compliance. By delaying issuance of the regulations until March 24, 2023, the court said, the agency will not be able to take enforcement action until March 24, 2024.
It is important to note that Friday’s decision affects only the enforcement of the regulations. Other components of the CCPA remain enforceable. But for businesses, the court’s decision may come as a welcome reprieve, giving the them additional time to address the comprehensive compliance requirements, which include updated requirements related to sensitive personal information, employee data, collection and processing of advertising cookies, and updated data subject rights.
The agency also has yet to promulgate regulations related to risk assessments, audits, and automated decision-making, and so the effective date for these regulations will be one year from the date that they are issued.
The Constangy Cyber Team continues to monitor developments at both the state, national, and international levels related to privacy laws and enforcement. We will continue to review the CCPA enforcement protocols, and their impact on the day-to-day operations of businesses. Follow our blog to stay up to date and learn more.
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
