New Year’s Day is fast approaching, and with it, the deadline for compliance with the California Consumer Privacy Act (CCPA)—the Golden State’s new data privacy law and the strictest in the nation. As the clock ticks forward, businesses are struggling to get their houses in order, working to make certain that their privacy policies inform customers about what personal information (PI) is being collected about them and to whom it may be sold. On the back end, protocols are being hurriedly drafted to handle customer requests to access, delete, or opt-out of the sale of their PI.

The proposed CCPA regulations released by California’s attorney general in October have prompted public comment and raised as many questions as they’ve answered. One thing we know for certain is that the AG is prevented from bringing an enforcement action for noncompliance before July 1, 2020 or six months after publication of the final regulations (whichever is earlier). That being said, the CCPA is unclear whether such an action could be triggered by noncompliance as of the CCPA’s effective date (Jan. 1) or if the AG will only take action for infractions occurring subsequent to the latter date. But before you throw your hands up in the air and pray that an enforcement action doesn’t land at your doorstep—either sooner or later—here are three key takeaways that should govern your approach to CCPA compliance.