The Office of Administrative Law — the agency in California that is responsible for dotting the i’s and crossing the t’s of new regulations — has officially signed off on the final version of the California Consumer Privacy Act, and those approved regulations are now in effect, according to a press release from California Attorney General Xavier Becerra.
A copy of the final regulations can be viewed by clicking here.
The CCPA was signed into law in 2018 and went into effect on Jan. 1, 2020. The law gives individuals the right to ask for all of the personal information stored about them by companies for the preceding 12 months. It also gives consumers access to the information stored about them by companies and the right to request that information be deleted.
After the law was created, the Attorney General of California began the rulemaking process, holding several public forums and accepting comments from the public.
While it signed off on most of the regulations that were included in the law, the Office of Administration Law did take some requirements out of the CCPA, including:
- A requirement that businesses obtain express consent from consumers before using previously collected information for a materially different purpose
- A requirement that businesses which substantially interact with consumers offline to provide notice of right to opt-out via an offline method
- A requirement that established minimum standards for submitting requests to opt-out to businesses
- A requirement that provided businesses with the ability to deny certain requests from authorized agents
“In California, privacy is an inalienable right. Californians should control who possesses their personal data and how it’s used,” said Becerra, in a statement. “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy. These rules guide consumers and businesses alike on how to implement the California Consumer Privacy Act. As we face a pandemic of historic proportions, it is particularly critical to be mindful of personal data security.”