The California Consumer Privacy Act (CCPA), touted as the toughest privacy act in the country, went into effect on July 1, 2020. Although the enforcement regulations have been tweaked three times during the last year, this week California Attorney General Xavier Becerra (AG) issued the final set of rules that his office will use to enforce the law.

According to the AG, the regulations were approved on August 14 after non-substantive changes were made by his office. Therefore, companies can use the final regulations to assist in determining their compliance with the law.

Although the AG has not yet publicly commenced an enforcement action under the law, the AG has stated that those efforts started on July 1. We anticipate that those efforts will be strategic and well thought out by the AG, as we have seen with the enforcement actions of other privacy laws. We believe that enforcement actions will be determined based upon the brands targeted, the substance of the violations, and where guidance can be the most impactful.

Now that the regulations are final, if they haven’t done so yet, companies may wish to review their compliance efforts with CCPA.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.