Since the California Consumer Privacy Act (CCPA) was signed in 2018, it has stirred up considerable controversy among tech companies, privacy advocates, and government officials. This regulation has fueled an increase in state laws and ushered in the possibility of a comprehensive federal privacy law. The road to implementation for the CCPA has been a winding one. Although we are still a year away from the deadline, public forums are underway, and many organizations have already begun preparing to meet the CCPA‘s 12-month “look-back” requirement. This post is an update on the current status of the regulation, the look-back requirement, and what you need to know about the CCPA public forums.

The CCPA 12-Month "Look-Back" Requirement

The CCPA has a 12-month “look-back” requirement that allows consumers to request their data records dating back a whole year from when the request is made.  This means that organizations will need to provide consumers access to a year’s worth of personal data without delay and free of charge.

Exceptions to the look-back requirement include:

  • Organizations do not need to provide the same data to a consumer more than twice in a 12-month period.
  • Organizations are not required to retain any personal data collected for a one-time transaction, or if the data will not be sold or retained by the organization.

What Does This Mean for Your Organization?

The 12-month look-back requirement mandates that organizations must modify their data collection and inventory practices. Moving forward, organizations will need to:   

  • Identify collected records of personal information that date back to January 1, 2019 (12 months prior to January 1, 2020).
  • Implement a 45-day timeline to respond to a consumer’s request for personal information.
  • Improve standards for inventorying personal information.


CCPA Public Forums

Most recently, the California Attorney General have begun conducting public forums regarding the CCPA. The first of the forums began in early January 2019 and the last one is scheduled for March.

The topics discussed during these forums include the possible expansion or redefinition of personal information categories, exceptions that allow for state and federal law compliance, and the establishment of rules and procedures in favor of consumers. 

It is impossible to predict what the final state of the CCPA will be. When the bill was passed privacy experts and legislators knew it was only the beginning of a long road to implementation, filled with amendments  and concessions from privacy advocates and tech companies. The public forums will greatly impact guidance on the CCPA and will assist the Attorney General in deciding how to enforce the regulation. In the meantime, organizations should be proactive and align their business practices prior to the CCPA going into effect in 2020. 


Stay On Top of National Privacy Trends

Subscribe to Focal Point's Privacy Pulse below - a once-a-month newsletter with guides, webinars, interesting white papers, and news all focused on data privacy. You can unsubscribe at any time.