This week, California Attorney General Xavier Becerra released the final text of proposed regulations to implement the California Consumer Privacy Act (CCPA). The latest version of the regulations is near-identical to previous versions, which NMHC and the apartment industry have been monitoring closely.
The final regulations will ultimately guide how the CCPA is interpreted and enforced but has one last hurdle to clear with final review by the California Office of Administrative Law. The agency has 30 days to approve the regulations but could extend the review by up to 60 additional days. Once cleared, the CCPA will become fully enforceable.
As the rules were being written NMHC, on behalf of the apartment industry, submitted comments seeking changes and clarifications be made to the underlying regulations and how the CCPA would ultimately be enforced. The Attorney General made some changes to accommodate the industry’s concerns. Even with outstanding concerns from the apartment industry and allied business groups, the CCPA and its wide-range of responsibilities for businesses went into effect on January 1, 2020, and the California Attorney General has made clear that his office is committed to its enforcement.
Because of the complexity of businesses complying with a growing patchwork of data breach notification, security and now privacy standards across the country, NMHC is actively supporting a federal data security and privacy standard. NMHC has long argued that any standard must be scalable, account for the scope and size of the business and the sensitivity of the data in question. To date, bipartisan agreement on privacy and security standards has eluded Congress. It is likely that this impasse will continue throughout 2020, making compliance with the CCPA and other emerging standards critical for multifamily firms of all sizes.
To help NMHC members comply with the CCPA, both in California and around the country, NMHC issued a comprehensive white paper that includes practical considerations firms should undertake to make sure they are ready to comply with a range of common themes found in each of the notable privacy standards that exist today.
For more information on data privacy and security, please visit our advocacy page.