On June 1, just one month before the California Attorney General may begin enforcing violations of the California Consumer Privacy Act ("CCPA"), the California Attorney General's Office finally submitted final regulations to the California Office of Administrative Law ("OAL"). Most anticipated that July 1 would also be the date that the final regulations would become effective. However, given the late submission of the final regulations, they could become effective anytime between July and Oct. 1, leaving businesses struggling to prioritize compliance while dealing with the ramifications of the pandemic.  

Traditionally, the OAL has 30 working days to review the rulemaking record. However, in light of COVID-19, California Gov. Gavin Newsom issued Executive Order N-40-20, which extends that deadline by 60 calendar days. Regulations then generally become effective on one of four quarterly dates, the next of which would be Oct. 1. Therefore, assuming that the OAL approves and files the regulations with the California Secretary of State (SOS), the regulations would be scheduled to go into effect Oct. 1. 

Further complicating matters, the attorney general's final regulations submission package included a "Written Justification for Earlier Effective Date and Request for Expedited Review," requesting that the OAL complete its review within 30 business days and make the regulations effective upon their filing with the SOS. Although the OAL is not required to grant that request, it means that the final regulations could go into effect anytime between July and October 1, 2020, and with little to no notice.