On December 4th, the California Attorney General’s (AG) office held a public hearing in San Francisco on the California Consumer Privacy Act (CCPA). The hearing provided the public with an opportunity to take part in the CCPA rulemaking process. The rulemaking process is governed by the California Administrative Procedures Act which requires the AG to solicit comments from the public through hearings and in writing. The AG considers all comments, makes revisions to the proposed regulations where appropriate, and posts another draft of the regulations for public review and comment.The San Francisco hearing took place at the Milton Marks Conference Center where the room was packed with approximately 175 attendees, including TrustArc team members.
Representatives from the Office of the California AG started with a brief introduction and then allowed for pre-registered speakers to make their comments. With over 20 speakers, the public hearing lasted almost two hours and covered a wide range of CCPA-related topics and concerns. Below are some highlights from the hearing:
Individuals representing two different Bay Area credit unions spoke on the difficulties of complying with the complexities of the CCPA with a small staff and limited resources. Both asked for the enforcement date to be extended to January 1, 2022, pushing the date two full years. Extending the enforcement date would allow them the time needed to “get it right the first time,” they argued.
One of the co-authors of the CCPA text also spoke during the public hearing. He argued that the CCPA’s fifteen-day grace period for companies to process opt-out requests was simply too long, and the requests need to be processed immediately, up to 72 hours at the latest, adding, “If [a company] is able to start selling immediately, ..