On March 11, days before most U.S. businesses across the country had to close their doors to fight the spread of COVID-19, the California Attorney General (AG) provided notice of a second set of modifications to the proposed California Consumer Privacy Act (CCPA) regulations. The period window for submitting comments was between March 11, 2020 and March 27, 2020 and recently closed.
On March 17, a coalition of trade associations, companies and organizations across a broad array of industries, including medical device companies represented by AdvaMed, sent a letter to the AG requesting a delay in the enforcement of CCPA until January 2, 2021. They argued, in part, that the new work-from-home policies limit employees’ ability to implement processes to comply with CCPA, and that now was not the time to “threaten business leaders with premature CCPA enforcements lawsuits.”
Opposing groups have responded. In a press release dated March 23, Consumer Reports called on the AG to “reject industry efforts to avoid compliance” and pointed out that companies have had “over a year to prepare” to comply.
Justin Brookman, Consumer Reports’ director of privacy and technology policy, said: “it is more critical than ever for policymakers to ensure fairness, safety and transparency for consumers in the marketplace. The law has been in effect for over three months. This is a cynical attempt by industry to avoid honoring California consumers’ constitutional right to privacy, and industry shouldn’t exploit the health crisis to ignore consumer requests to companies to stop selling their data. We hope the Attorney General does the right thing and begins enforcement as scheduled.”
An advisor to the California Attorney General Becerra made a recent public statement that the office is still committed to enforcement of the CCPA beginning July 1, 2020.
If you would like to learn more about the CCPA, join MediSpend on April 7 at 1 PM ET for the webinar “What Does the CCPA Mean for Life Sciences Companies?” Our experts will discuss what the CCPA is, what data it protects, who the law applies to, what departments within your organization may be affected and the steps you should take to ensure compliance. Register for the upcoming webinar here: https://bit.ly/38YQVPt.