California Consumer Privacy Act

Subscribe to California Consumer Privacy Act via RSS

Key Takeaways

  • Outlines key considerations for businesses using productivity management and monitoring platforms – such as, Teramind, ActivTrak, and Insightful – and whether their use may require a CCPA risk assessment.
  • Identifies the specific CCPA risk assessment triggers most relevant to such productivity technologies.

Productivity management and monitoring platforms have become a fixture of the

Key Takeaways

  • Analyzes whether recording customer service and sales calls triggers the CCPA’s new risk assessment requirements.
  • Identifies the specific CCPA triggers most relevant to call recording, particularly when AI analytics are applied to recordings.
  • Notes related obligations under state wiretapping laws and other state privacy frameworks.

Recording customer calls is among the most common

Key Takeaways

  • Examines how AI-driven hiring and applicant screening tools interact with the CCPA’s new risk assessment requirements.
  • Identifies the CCPA risk assessment triggers most likely to apply—including automated decision-making and systematic observation of applicants.

Artificial intelligence has made significant inroads into the hiring process. Employers increasingly rely on AI-driven tools to screen resumes, analyze

When assisting businesses with the commercial aspects of the California Consumer Privacy Act, we advise them that this same law, with “consumer” in its name, also applies to data related to job applicants, employees, contractors, and other California state residents. Some are surprised, but we get to work addressing some nuanced issues, as some

We’re pleased to announce the publication of a comprehensive resource on the Jackson Lewis website:

Navigating the California Consumer Privacy Act: 30+ Essential FAQs for Covered Businesses, Including Clarifying Regulations Effective 1.1.26.

With California’s updated CCPA regulations now in effect as of January 1, 2026, businesses face expanded compliance requirements in several critical areas.

After years of development and extensive stakeholder engagement, California has finalized groundbreaking cybersecurity audit regulations under the California Consumer Privacy Act (CCPA). These new requirements may significantly impact how covered businesses protect consumer data.

The New Regulations

The California Privacy Protection Agency (CPPA) Board approved comprehensive amendments to CCPA regulations covering cybersecurity audits, risk assessments

As artificial intelligence (AI), particularly generative AI, becomes increasingly woven into our professional and personal lives—from personalized travel itineraries to reviewing resumes to summarizing investigation notes and reports—questions about who or what controls our data and how it’s used are ever present. AI systems survive and thrive on information and that intersection of AI and

Key Takeaways

  • Outlines basic steps to determine whether a business may need to perform a risk assessment under the California Consumer Privacy Act (CCPA) in connection with its use of dashcams
  • Provide a resource for exploring the basic requirements for conducting and reporting risk assessments

If you have not reviewed the recently approved, updated CCPA

As we discussed in Part 1 of this post, the California Privacy Protection Agency (CPPA) has approved significant updates to California Consumer Privacy Act (CCPA) regulations, which were formally approved by the California Office of Administrative Law on September 23, 2025. We began to outline the requirements for a significant new obligation under the

The California Privacy Protection Agency (CPPA) has adopted significant updates to the California Consumer Privacy Act (CCPA) regulations, which were formally approved by the California Office of Administrative Law on September 23, 2025. These comprehensive regulations address automated decision-making technology, cybersecurity audits, and risk assessments, with compliance deadlines beginning in 2026. Among these updates, the