March 31, 2020

According to reporting by Global Data Review, Attorney General Becerra has indicated no plans to delay enforcement of the California Consumer Privacy Act (CCPA). An advisor to the AG reportedly told GDR that his office is “committed to enforcing the law upon finalising the rules or 1 July, whichever comes first.”

CCPA enforcement delay because of COVID-19?

This news is in response to a letter that asked the AG to delay enforcement until January 2021 because of the COVID-19 pandemic and the fact that the regulations have not been finalized. The original March 17 letter was co-signed by more than 30 companies and trade groups from across industries; it was then revised on March 20, and signed by 60 companies and trade groups. The message reported by Global Data review is essentially the same message the AG’s office made to Forbes last week, before the revised letter was submitted.

Due to the COVID-19 crisis, companies are struggling to complete their compliance efforts. Employees are working from home, some are remote, and resources are becoming scarce. As companies look for ways to survive, some are looking at the CCPA, which continues to change as new proposed regulations are issued, as an avenue whereby they may be able to delay some costs. The letter noted that each version of the regulations materially and substantially changes businesses’ obligations. The signatories to the letter, who together employ or represent millions of employees, stated:

Many companies have instituted mandatory work-from-home measures to limit community spread of the virus, meaning that the individuals who are responsible for creating processes to comply with the CCPA are not present in the office to undertake such tasks. Developing innovative business procedures to comply with brand-new legal requirements is a formidable undertaking on its own, but it is an especially tall order when there are no dedicated, on-site staff available to build and test necessary new systems and processes.

AG is mindful of the new COVID-19 reality

The AG’s office has stated that they are “mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it” and that they “encourage businesses to be particularly mindful of data security in this time of emergency.”

While it may be a difficult time for companies to implement new business processes since nothing is business as usual these days, it is an important time to think about data security and employment policies in the COVID19 environment. While your employees are working remotely, have you trained them in proper data security methods? Have you advised them about protecting their home networks against hacks? Has your company allowed people to start working from personal computers? If so, have you advised employees about how to protect them to the standards you typically require of office computers? What about reimbursement? If an employee is require to work from home and purchase certain software or hardware to ensure protection of company data, have you put a policy in place to reimburse those expenses?

Free COVID-19 business tools

As companies struggle to comply with competing needs in the marketplace as well as to provide care for their employees and customers at this difficult time, SixFifty would like to offer some assistance. We have employed our CCPA and GDPR document automation and request systems to handle some of the problems facing companies as a result of COVID-19. The COVID-19 tools are free—you can sign up here to automate COVID-19-specific employment policies (COVID extended sick leave, remote work, travel, and reimbursement policies) and set up a free questionnaire/ticketing system that can gather information from employees impacted by COVID-19, manage tasks, and automate important communications.