California Attorney General Xavier Becerra has released a statement, reminding Californians of their rights in relation to their privacy, which further emphasized his office’s commitment to stick to the July 1 2020 enforcement date for the California Consumer Privacy Act until 2021.
In the statement he focused on the main consumer rights protected by the CCPA, focused on four particular areas of concern, including avoiding email scams, protecting virtual meetings, protecting home networks and protecting children online.
Mr Becerra said: “The reality is that COVID-19 is forcing families to adjust to a new way of living and connecting remotely. Whether it’s our children’s schooling, socializing with family and friends, or working remotely – we are turning to mobile phones and computers as a lifeline. With such a dependency on online connectivity, it is more important than ever for Californians to know their privacy rights.”
The statement also provided some guidance on how to safeguard privacy while conducting virtual online meetings, adding security to a home network for remote working and keeping children safe in relation to their online activities during the COVID-19 pandemic. You can read the California Attorney General’s full statement from April 10 here.
This statement from Becerra’s further reinforces the California AG’s Office commitment to move forward with enforcement of the CCPA as of July 1, 2020. Previously, in response to the call from trade associations to have any application of fines in relation to CCPA breaches suspended until 2021, the Californian AG’s office released a statement to reiterate that are no current plans to do so.
While the California AG office acknowledged the issues that the trade associations brought to light, mr Becerra stated: “Right now, we’re committed to enforcing the law upon finalizing the rules or July 1, whichever comes first . . . . We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.”
However, it has still not been confirmed if companies and groups will be permitted to use COVID-19 as a justification for failing to comply with the new legislation in the event of a breach occurring. There is a strong possibility that any submission like this will be dealt with on a case-by-case basis as every entity will have a multitude of different factors and situational circumstances to take into account.
Security and privacy experts have spoken out against any potential further delay to the legislation being implemented. Laura Jehl, global head of the Privacy and Cybersecurity Practice at law firm McDermott Will & Emery said: “It’s unlikely that we will see a significant CCPA enforcement action this year. The major provisions of the law have been reasonably clear for some time. The AG earlier warned that he expected companies to come into compliance by January 1.”