TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | California attorney general's office: No delay on CCPA enforcement amid COVID-19 Related reading: The Privacy Advisor Podcast: What happens to data privacy in a pandemic?



Editor's Note:

This article has been updated to reflect the California attorney general’s most recent statement to The Privacy Advisor that enforcement of the CCPA is expected July 1, not earlier, as implied.

The COVID-19 pandemic has brought many things in life to a screeching halt. For many organizations, the outbreak has meant shuttering, limiting or digitalizing most, if not all, operations.

Those types of transitions and subsequent hardships have led some in the privacy space to question whether it's right for California Attorney General Xavier Becerra to go forward with California Consumer Privacy Act enforcement July 1. A coalition of 35 advertising groups sent the attorney general a letter March 17 calling for enforcement to be delayed.

"A temporary deferral in enforcement of the CCPA would relieve many pressures and stressors placed on organizations due to COVID-19 and would better enable business leaders to make responsible decisions that prioritize the needs and health of their workforce over other matters," the coalition wrote.

The coalition has since increased to 60 groups, including the Motion Picture Association of America and media groups, and restated its case to the attorney general's office in a revised letter delivered March 20.

Becerra's office rebuffed any ideas of keeping the CCPA from taking full force, following suit with its position on past calls to delay enforcement.

"CCPA has been in effect since January 1, 2020. We're committed to enforcing the law starting July 1," an advisor to Becerra said. "We encourage businesses to be particularly mindful of data security in this time of emergency."

Becerra's plan to move forward despite COVID-19 did not surprise Frankfurt Kurnit Klein & Selz's Privacy & Data Security Group Chair Tanya Forsheit, CIPP/US, CIPT, PLS. Forsheit said this call to postpone was not based on the attorney general's office "having the ability and right to take action starting in July if they choose to do so." Instead, Forsheit sees the coalition's efforts as "trying to appeal to (the office's) humanity.

"Given what's going on, it's a whole new environment," Forsheit said "You have a workforce that's been sent home, and not because we're just trying to be careful, but because the government says we have to. It's that much more difficult to address compliance measures from a remote location."

The heart of the delay argument comes back to time and resources a given organization has available during these unsettled times. Forsheit used the technology industry, which is fueling remote work for many, as an example of one filled with companies that currently stretched thin while still facing compliance requirements.

"Resources, including human resources, technical resources and money, need to be put into keeping things going on a global scale," Forsheit said. "They have to be diverted from other projects, including responding to something like someone requesting to see all the data a company has on them. The person has a right to that, but all organizations are saying in this moment is that they need more time."

With the ad industry, COVID-19 presents another in a line of obstacles it was facing with CCPA compliance and comprehension.

"What the ad industry has been going through with the lack of clarity around the law is something they struggled with prior to COVID-19, and adding that makes their call justifiable and understandable," Hintze Law Founder and Partner Susan Hintze, CIPP/US, CIPT, FIP, said. "With the ad space, in particular, you're working in much more of a grey area with what is and isn't personal information or a sale. The draft regulations haven't yet provided the direct tie-ins they need, so now COVID-19 adds to an already difficult situation."

Despite the issues COVID-19 presents, companies across industries will be hard-pressed to use it as an excuse for noncompliance. Some companies may present COVID-19-motivated cases to avoid enforcement, but Hintze believes those cases must come with detailed, tangible evidence that suggests COVID-19 was the sole factor hampering compliance.

"I don't think you can kind of use COVID-19 as a blanket excuse for every single company," Hintze said. "Will every company be affected to some degree? Yes. But if they are put in the position where the law goes forward and they fall short of compliance obligations then, as with any other situation, they need to express their particular circumstances that led to some form of noncompliance."

Photo by Philip Wyers on Unsplash

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.