On July 1, 2020, the California State Attorney General (“AG”) began enforcement action against businesses that it believes have violated the California Consumer Privacy Act (“CCPA”). In anticipation of the July 1 deadline, it was unclear how the AG would prioritize CCPA enforcement. It was thought that the AG would target the largest businesses for CCPA violations in order to set an example for those companies (large and small) that meet the CCPA thresholds. In reality, the AG has shown no discretion with respect to CCPA enforcement and has sent notices of alleged violation to a large swath of businesses that it believes have not complied with the CCPA.
What do these notices allege and how should you respond to them?
CCPA Enforcement Notices
Responding to Notices
Please note that fraudulent notices have been sent by scam artists for purposes of scaring businesses into paying money. As such, businesses should first confirm with the AG that the notices that they receive are valid before responding to them. Businesses should respond to valid notices via email to [email protected] within thirty (30) days of notice receipt. The responses should describe all actions that have taken in order to come into full compliance with the CCPA. Failure to respond and cure the alleged violations may lead to imposition of the above civil penalties.