California Attorney General Signals Approach to Upcoming CCPA Enforcement

December 16, 2019 by ACA Aponix


In a December 10 interview with Reuters, California Attorney General (AG) Xavier Becerra provided insight into planned enforcement for the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. Per the interview, the effort firms take to comply will affect the severity the AG takes in enforcement.

CCPA Overview

The CCPA’s sweeping legislation, which includes multiple consumer rights and company obligations regarding personal information, will be subject to enforcement by the California AG as of July 1, 2020. Scheduled fines for non-compliance can be hefty, ranging from $2,500 to $7,500 for each violated data record, and $7,500 for each intentional act of CCPA non-conformity.

Download FAQs for Financial Services

Download FAQs for All Industries

With CCPA implementation and enforcement looming, companies have been seeking clarity as to the expected level of aggressiveness of enforcement. Becerra’s comments shed some light as to his intentions. Suggesting lenience toward company effort and intent, Becerra said, “given that we are an agency with limited resources, we will look kindly on those that …demonstrate an effort to comply.” Signaling a stricter attitude toward companies approaching CCPA lightly, Becerra said, “If they are not (operating properly) ... I will descend on them and make an example of them, to show that if you don’t do it the right way, this is what is going to happen to you.”

Asked if there is a possibility of an extension of the targeted implementation date, Becerra replied that there would be none. CCPA implementation and enforcement will proceed as originally scheduled.

ACA Aponix Guidance

The California AG’s comments provide some indication of the degrees of enforcement companies can expect under the CCPA. While the AG indicated there will be some leniency with demonstrated effort, lack of effort or disregard for the regulation will be punished severely.

Given this guidance, companies must take an active role in CCPA planning and adherence. As such, firms must:

  • Develop, demonstrate, and follow a roadmap for compliance
  • Focus on analyzing existing data inventories to ensure they are complaint with CCPA
  • Prepare notices and processes for addressing consumer rights
  • Ensure that service providers are likewise in compliance with CCPA privacy regulations
  • Adapt documentation such as privacy policies, incident response plans, information security plans, and more to cover data privacy issues

The clearest message from the California AG is that active efforts toward CCPA compliance will be recognized and rewarded, while a passive or neglectful approach will have serious consequences.

ACA CCPA Resources

Our team of experienced consultants has developed a resource library of FAQs, blog posts, and webcasts to help your firm navigate the complexities of the CCPA as well as implement practical steps to achieve compliance with the regulation. 

How We Help

Our CCPA compliance assistance service helps companies assess their readiness to comply with CCPA requirements as well as implement best practices for achieving broader privacy risk and compliance objectives across the enterprise. Please contact us to learn how we can help your company.

For More Information

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.