California’s attorney general has confirmed that enforcement of the California Consumer Privacy Act will not be delayed due to the Covid-19 pandemic. “We’re committed to enforcing the law as early as July 1,” said a representative, emphasizing the importance of data security, which may suggest that data security will be an initial focus of enforcement efforts. Private parties are already actively litigating claims based on the law, which became generally effective on January 1.
On other other hand, financial businesses subject to New York’s new cybersecurity regulation (23 NYCRR Part 500) may delay filing their Certificate of Compliance until June 1. The New York Department of Financial Services extended this deadline in response to COVID-19, after previously extending it from February 15 to April 15.
