September 16, 2019

NAFCU, U.S Chamber-led coalition urge CCPA delay

regsNAFCU – in a joint letter with the United States Chamber of Commerce and other organizations representing every sector of the American economy – urged the California Governor, Attorney General, and members of the California state senate and assembly to delay the effective date of the California Consumer Privacy Act (CCPA) by two years. The CCPA was signed into law June 28, 2018.

The suggested delay would move the implementation date to Jan. 1, 2022, and "provide sufficient time to resolve ambiguities" within the law. The organizations also asked that help be given to businesses to implement systems that would "meaningfully protect consumers' privacy, provide rights offered by CCPA, and meet consumers' expectations."

"In order for California's new privacy law to be effective it must instill certainty and trust," wrote the coalition. "This requires that both consumers and industry alike have adequate opportunities to know what the requirements of a privacy law will be prior to implementing robust compliance programs."

In the letter, the organizations highlight two complicating factors: the number of pending and material proposed amendments to the CCPA that may not be addressed until later this month, and the California Attorney General's current rulemaking effort that is expected to add new compliance obligations which is not expected to conclude until later this year.

"For a benchmark for a reasonable time for compliance, the State of California should look to the European Union's General Data Protection Regulation ("GDPR")—whose final regulations were adopted in April 2016 with a two-year implementation period before it took effect in May 2018," they added.

NAFCU's Regulatory Committee previously discussed the CCPA and GDPR, as well as other issues on privacy, including a proposed rule that intends to establish procedures to facilitate consumers' rights and provide guidance to businesses on how to comply with the law.

The association has multiple resources available on privacy laws, including a webinar on CCPA and the future of privacy laws available on-demand, and an edition of the NAFCU Compliance Monitor on the substantive requirements of the GDPR and how they differ from existing U.S. mandates.

Data protection continues to be a big issue for credit unions and a number of speakers during NAFCU's 2019 Congressional Caucus touched on ways for credit unions to protect their institutions. The association will continue to provide members with additional resources.

NAFCU has long been active with lawmakers on this issue and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.