California's Late Privacy Rules Crunch Prep Time for Companies

Data Strategy, Security & Privacy Partner Ashley Shively spoke with Bloomberg Law about how companies can prepare to comply with the requirements of the California Privacy Rights Act (CPRA) before they take effect next year. The California Privacy Protection Agency recently announced that rulemaking will extend to the end of 2022, past the original July 1 deadline, which could put businesses in a bind as they scramble to ensure compliance. Ms. Shively commented that the nature of California rulemaking, newness of an agency still being built and staffed, and number of topics that require rulemaking all combined to make an already-lengthy process even lengthier. She also emphasized that businesses should begin reviewing the statutory text of the CPRA now — although the regulations are necessary to clarify the details, companies can use the statutory language to start making general preparations like updating privacy policies.

"Businesses need to focus on what is known now and what can be done to prepare for CPRA and have the agility and budget in place to be ready to react as needed when the regulations come out," she said.

READ: California's Late Privacy Rules Crunch Prep Time for Companies