On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to advance proposed regulations concerning automated decisionmaking technology. While the comment period is ongoing and we do not have final rules, we are taking a look at some key provisions to help businesses begin to assess the potential effects of these rules if made
CPPA
CPPA Issues First “Enforcement Advisory” for CCPA – Data Minimization
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle – data minimization. Much of the attention surrounding the CCPA seems to focus on website privacy policies, notices at collection, and consumer rights requests. With…
California Court of Appeal Reverses Halt on Enforcement of CPPA Regulations
In 2023, a California superior court halted enforcement of any final California Privacy Protection Agency regulation implemented until a period of 12 months from the date that individual regulations became final. Based on the ruling, enforcement of the initial regulations passed in March 2023 could not commence until March 2024.
The California Privacy Protection Agency…
Top 10 Blog Posts for the Workplace Privacy, Data Management & Security Report for 2023
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023.
- States Passing Comprehensive Privacy Laws
There was a landslide of comprehensive state privacy laws passed in 2023, from coast to coast. The laws are…
CPPA Mulls Draft Cybersecurity Audit Regulations Under CPRA
When the California Privacy Rights Act (CPRA) was enacted, it created the California Privacy Protection Agency (CPPA) and delegated to the CPPA significant regulatory authority. One of the areas of that authority is cybersecurity, which includes performing cybersecurity audits annually. On September 8, 2023, the CPPA considered a draft set of regulations that would establish…
California Superior Court Put the Brakes on Enforcement of California Privacy Rights Act
In March 2023, the California Chamber of Commerce filed a Petition for Writ of Mandate and Complaint for Declaratory and Injunctive Relief against the California Privacy Protection Agency (CPPA), the agency tasked with implementation and enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA).
The writ sought to…
CPPA Starts Rulemaking on Cybersecurity, Risk Assessments, and Automated Decision-making
While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on to its next rulemaking.
On February 10, 2023, the CPPA issued an invitation for preliminary comments on proposed rulemaking pertaining to cybersecurity audits…
California Privacy Protection Agency Passes Revised Regulations
After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the Office of Administrative Law (OAL). The CPPA’s General Counsel advised that there is no guarantee that the regulations would be…
California Privacy Protection Act Ends 2022 Without CPRA Regulations, But CPPA Targets Risk Assessments and AI for Additional Rulemaking
On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023. Despite the CPRA taking effect at the start of the year, the CPPA, the agency charged with implementing the law…
CPPA Board Publishes Second Modification to CPRA Regulations
In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General.
In October, the Board released proposed modifications to the regulations in advance of a planned Board meeting. Since then, the Board has rescheduled both Board and public meetings.
The Board…