There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy regulations with the passage of the California Consumer Privacy Act (CCPA). Lawsuits under the CCPA began almost immediately after it was enacted in 2020.

On October 8, 2023, Governor Newsom signed Assembly Bill (AB) 947. Effective January 1, 2024, the bill will revise the California Consumer Privacy Act (CCPA) definition of “sensitive personal information” to include personal information that reveals a consumer’s citizenship or immigration status.

Under the CCPA, consumers have certain rights with regard to their

Though enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA) has been paused for now, the State of California is not resting when it comes to compliance with the CCPA.

On July 14, 2023, California’s Attorney General announced an “investigative sweep” regarding compliance with the CCPA.

In March 2023, the California Chamber of Commerce filed a Petition for Writ of Mandate and Complaint for Declaratory and Injunctive Relief against the California Privacy Protection Agency (CPPA), the agency tasked with implementation and enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA).

The writ sought to

While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on to its next rulemaking.

On February 10, 2023, the CPPA issued an invitation for preliminary comments on proposed rulemaking pertaining to cybersecurity audits

After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the Office of Administrative Law (OAL). The CPPA’s General Counsel advised that there is no guarantee that the regulations would be

On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023. Despite the CPRA taking effect at the start of the year, the CPPA, the agency charged with implementing the law

In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General.

In October, the Board released proposed modifications to the regulations in advance of a planned Board meeting. Since then, the Board has rescheduled both Board and public meetings.

The Board

On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Previously, in June 2022, the Board met to discuss revising the regulations previously released by the California Attorney General.

1. What’s changing?

Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing in California (collectively, “Employment Information”) are relatively limited.  Specifically, it needs to (1) provide those individuals a “notice at collection” that discloses the categories of