Skip to main content
close search
site logo
Dive Brief

33 organizations call for delay of California privacy law enforcement amid coronavirus pressure

Published March 20, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Ryan McKnight for CIO Dive

Dive Brief:

  • Thirty-three trade associations, companies and organizations are asking the California Attorney General for a compliance extension for the California Consumer Privacy Act (CCPA) due to the novel coronavirus outbreak, according to the letter submitted to California Attorney General Xavier Becerra. 
  • While the organizations support the underlying cause for the CCPA, they need time to "absorb the shock to the system" the pandemic is having on industries. The organizations suggested enforcement should begin on Jan. 2, 2021 instead of the original July 1 deadline. 
  • "We are concerned that given current events and the presently unfinished status of the regulations implementing the CCPA, businesses will not have the operational capacity or time" to comply by July, the letter said. 

Dive Insight:

As the U.S. workforce is largely remote due to coronavirus, data is in constant motion. Compliance meant to pass a one-time audit isn't sustainable. More than two-thirds of companies fear they can't sustain their compliance. 

The key is tracking where data travels and how it accumulates. This year will be an overwhelming time for companies because data's security risk has never been higher. 

With the CCPA, some companies had to put a privacy "muscle" in place for the first time last year. If an extension is granted, it's unknown how the AG "will treat any alleged infractions that took place before their enforcement regime goes into effect," Dan Jaffe, Group EVP, Government Relations, Association of National Advertisers, and one of the letter's contributors, told CIO Dive.  

The CCPA went into effect on Jan. 1, but the rules are not yet finalized. The California AG is still revising the final regulation requirements. The office released its second draft of rules in February and held seven public forums. It received more than 300 comments. 

On Jan. 1, companies "immediately faced legal jeopardy from private rights of action lawsuits for any data breaches covered under the CCPA," Jaffe said. 

The rolling modifications of the rules is making compliance a moving target, according to Jaffe. In addition to uncertain regulations, the coronavirus pandemic released a "tidal wave of unexpected economic, logistical and staff bandwidth issues." 

Encryption, access management and supply chain risk mitigation all factor into the technical side of data privacy. The only enforcement action guaranteed since Jan. 1 pertains to data breaches. 

Recommended Reading

Filed Under: Leadership

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Leadership
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell