A timeline of where CCPA started and where it’s going.
The CCPA is the ultimate moving target, as you can see in the timeline above, CCPA is unlike GDPR, which took 4 years to cook and didn’t come online until 2017 after the regulatory requirements were clarified. For all involved, they know CCPA has been a work in progress; it first passed in July of 2018, was amended in August 2018 and some exceptions were added. It then had a second set of amendments in September of 2019, and the draft regulations were issued in October of last year.
On January 1st, 2020 the enforcement of the data security requirements in the law started, which was quickly followed by revised draft regulations in February 2020.
We still don’t have enforcement of the privacy requirements of the law and we have now seen four revisions for what you need to do on the privacy side. We expect the regulations to be finalized in May or June and then to be enforced on July 1st of this year.
We are seeing twists and turns before the law for privacy becomes finalized. It means that your compliance program needs to be flexible to accommodate these different inputs.
Watch our on-demand webinar where Jim Halpert, DLA Piper & Dan Clarke, IntraEdge/Truyo discuss this timeline and the draft regulations from February 2020.