On Friday, California's Attorney General Xavier Becerra (AG) announced that the Office of Administrative Law (OAL) approved the final regulations under the California Consumer Privacy Act (CCPA). The regulations went into effect immediately. The final regulations can be found here.
California's governor signed the CCPA into law on June 28, 2018, after some controversy about how quickly the statute passed through the legislative process. The CCPA required the AG to implement regulations by July 1, 2020. The AG proposed these regulations in October 2019, which was followed by a comment period and several public forums. The final proposed regulations were submitted by the AG to the OAL on June 1, 2020.
In his office's press release regarding the final regulations, the AG stated:
With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy. These rules guide consumers and businesses alike on how to implement the California Consumer Privacy Act. As we face a pandemic of historic proportions, it is particularly critical to be mindful of personal data security.
We'll post more detail about the final regulations after we've had a chance to digest them. California led the charge of state consumer privacy laws, and many states followed. The National Conference of State Legislatures maintains a comprehensive rundown of the status of all related data privacy legislation, it can be found here. With the way things are going, there can be as many versions of privacy laws as there are states, leaving businesses with the tough (and expensive) requirement to make sure they are in compliance with the varying rules. A solution to this patchwork quilt of privacy laws is to have a Federal law that encompasses the issue.