On July 16, 2024, the California Privacy Protection Agency (the “CPPA”) board declined to advance to formal rulemaking California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies and updates to existing regulations. The CPPA board voted against advancing the regulations during its board meeting when it also […]
CPRA
California AG Announces $500,000 Settlement with Mobile Game App Company for Unlawful Collection and Sharing of Children’s Data
On June 18, 2024, California Attorney General (“AG”) Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a settlement with a video game developer and publisher regarding allegations that the company violated the California Consumer Privacy Act (the “CCPA”), the federal Children’s Online Privacy Protection Act (“COPPA”) and California’s Unfair Competition Law (the […]
California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations
On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […]
California Privacy Protection Agency Releases Draft Regulations on Risk Assessments
On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the Agency’s informal rulemaking process. We discuss the draft cybersecurity audits in California Proposes Annual Audits to Assess […]
California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity
In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]