We have previously alerted our readers about the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. CCPA is one of the strictest consumer privacy laws in the U.S. and is broadly applicable [view related posts].

Although CCPA went into effect on January 1, 2020, enforcement by the California Attorney General does not start until July 1, 2020—next week. A coalition of 60 businesses have requested that Attorney General Xavier Becerra (AG) delay enforcement another six months to give businesses more time to put compliance programs in place, particularly in the face of the coronavirus, but the AG is committed to commencing enforcement next week.

According to the AG, “CCPA has been in effect since January 1, 2020. We’re committed to enforcing the law starting July 1. We encourage businesses to be particularly mindful of data security in this time of emergency.”

Data security is a key component of CCPA, which provides a private right of action for individuals to pursue against a company in the wake of a security incident, if, with proper notice and an opportunity to cure, individuals can show that the business did not have adequate security protocols and measures in place at the time of the security incident.

It’s not too late to develop and implement a CCPA Compliance Program, but businesses are running out of time if they haven’t started.