California Attorney General
Becerra’s office is tasked with loaning staffers to the new privacy agency established under the California Privacy Rights Act approved by voters last month as it gets off the ground. Under the measure, which amended the California Consumer Privacy Act, the state attorney general names one member to the regulator’s five-person board.
The new California Privacy Protection Agency assumes rulemaking authority under state privacy law from the attorney general’s office in July 2021 or within six months of the agency giving the attorney general notice that it’s ready to assume rulemaking responsibilities.
“A lot has to happen during unprecedented times and circumstances,” said Melissa Krasnow, a privacy and data security attorney at VLP Law Group LLP.
The attorney general’s office and the new California regulator are still both tasked with enforcing privacy violations, but how they share responsibility for policing Californians’ privacy depends largely on who replaces Becerra should he be confirmed, said Reece Hirsch, co-head of Morgan Lewis & Bockius LLP’s privacy and cybersecurity practice.
“Whoever steps into Becerra’s position will have an opportunity to shape how the attorney general’s office is positioned with respect to privacy enforcement for years to come,” Hirsch said.
Health Privacy Focus
Becerra has made health privacy enforcement a priority, said Cathie Meyer, an attorney at Pillsbury Winthrop Shaw Pittman LLP. His office worked to secure settlements against insurance provider
Whether health privacy will remain a priority or whether a new focus area will emerge—such as children’s data—depends on whom
Newsom’s office didn’t immediately respond to a request for comment.
If confirmed as Department of Health and Human Services secretary, Becerra would take extensive knowledge of privacy gleaned from his tenure as attorney general to that post, said Cynthia Cole, a data privacy attorney at Baker Botts LLP.
“It reinforces the importance of all that work to build that, that the person who has been in the public eye about the CCPA is potentially moving on to a much bigger role,” she said.
Becerra (D) wrote regulations to implement the California Consumer Privacy Act. The law took effect Jan. 1, and the enforcement period began July 1.
Becerra has sent out letters to businesses that allegedly aren’t complying with the law, but the content of those correspondences haven’t yet been made public, Krasnow said.
The California attorney general’s office didn’t immediately respond to a request for comment.
Privacy enforcement will likely remain a priority for the attorney general’s office under a Becerra successor, said Linn Freedman, a data privacy and security partner at Robinson & Cole LLP.
“The state has always been aggressive on the privacy side, and Becerra has continued that tradition while he’s been in office,” Freedman said. “I would be very surprised if that culture isn’t continued, particularly because the people of California have reinforced the fact that data privacy is a priority by enacting the California Privacy Rights Act.”
Becerra’s departure could “impact the tone at the top,” but enforcement activity will continue since the privacy staffers at the office will likely remain the same, Meyer said.
The attorney general’s office is likely to develop a transition plan and lean on the deputies who are well-versed in privacy matters such as the CCPA, Meyer said.