California Privacy Rights Act

Subscribe to California Privacy Rights Act

At the CPPA board meeting last week, the agency adopted the regulations and directed the staff to file the rulemaking package with the Office of Administrative Law (“OAL”). Before these regulations can become effective (and therefore enforceable), the OAL must complete its review of the regulations.  It has 30 working days to complete its review

Last night, the California Privacy Protection Agency (CPPA) published agenda materials for its upcoming meeting on February 3, 2023.  The materials include:

  • Proposed final draft regulations implementing the California Privacy Rights Act (CPRA).  These do not reflect further changes since the draft regulations that the CPPA put out for a 15-day comment period on November

As we previously discussed, the California Privacy Protection Agency (“CPPA”) recently released updated rules implementing the California Privacy Rights Act (“CPRA”). Here are some of the key changes from those rules.  While the changes are modest, they are directionally helpful in addressing some of the concerns industry raised during the rulemaking process.

Continue Reading Some Key Takeaways from The Updated CPRA Rules

The California Privacy Protection Agency (CPPA) staff has posted updated draft rules implementing the California Privacy Rights Act (CPRA).  The CPPA Board will discuss the updated draft rules during two virtual public meetings on Friday, October 21 and Saturday, October 22.  Agency staff and counsel will also be present at these meetings, which could follow

During its September 23, 2022 board meeting, the California Privacy Protection Agency (CPPA) provided an update on the status of the ongoing California Privacy Rights Act (CPRA) rulemaking.  Since the closure of the required 45-day comment period, the agency staff have been reviewing the written and oral comments submitted by the public.  The agency will be promulgating revised regulations, which will be drafted by the staff and presented to the Board.  These revisions will be followed by an additional public comment period of 15 to 45 days depending on the scope of the revisions.

Continue Reading California Privacy Protection Agency Provides Update on CPRA Rulemaking

During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process.  The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules.  The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.

Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

As companies begin to prepare their CPRA compliance strategies, they are grappling with whether to include personal information processed in employment and business-to-business contexts. Currently, the CPRA’s partial exemptions for both of those types of data sunset on December 31, 2022. However, last week, the CA legislature introduced AB 2871 and AB 2891. AB