In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]
California
California Attorney General Launches CCPA Investigative Sweep for Employers
On July 14, 2023, California Attorney General Rob Bonta launched investigations into large California employers regarding their compliance with the California Consumer Privacy Act (the “CCPA”) as it relates to their processing of employee and job applicant personal information. Attorney General Bonta’s investigative sweep is the first CCPA enforcement activity related to employee data. The […]
California Privacy Protection Agency Issues Invitation for Preliminary Comments on Proposed Rulemaking on Risk Assessments, Cybersecurity Audits, and Automated Decisionmaking
The California Privacy Protection Agency (CPPA) issued an Invitation for Preliminary Comments on Proposed Rulemaking (Invitation) Friday as it considers new rules regarding Risk Assessments, Cybersecurity Audits, and Automated Decisionmaking. The proposed rulemaking is pursuant to California Civil Code § 1798.185(a)(15)-(16), which directs the CPPA to draft regulations on these topics. Although the Invitation enumerates […]
CPPA Anticipates April Effective Date for CPRA Regulations
The California Privacy Protection Agency (“CPPA”) announced during its Board meeting on December 16, 2022 that the regulations implementing the California Privacy Rights Act (“CPRA”) will not likely go into effect until April 2023. CPPA Executive Direct Ashkan Soltani stated that the CPPA Staff plans to publish the final draft of the CPRA regulations in […]
California Privacy Protection Agency Issues Notice of Modifications to Proposed CPRA Regulations
On November 3, 2022, the California Privacy Protection Agency (“CPPA”) issued a notice of modifications to the Proposed Regulations implementing the California Privacy Rights Act (“CPRA”). These proposed modifications come in response to public comments on, and are meant to clarify, previously issued modifications. The modifications, which are largely based on the Modified Proposed Regulations […]