#WorkforceWednesday: California's Upcoming Cyber Audit and Automated Tech Rules - Employment Law This Week®
Recent Developments in California Privacy Laws - The Consumer Finance Podcast
Key point: The California legislature is currently considering several privacy-related bills that could impact the private sector....more
In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer Privacy Act (CCPA) that specifically address the use of automated decisionmaking...more
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) unanimously voted to adopt a package of Proposed Regulations for the California Consumer Privacy Act (“CCPA”), marking a significant development in...more
Online retailers now face an increasingly complex matrix of state consumer-privacy statutes that impose prescriptive requirements on data collection, monetization, and cybersecurity practices. ...more
As artificial intelligence ("AI") systems and their use continue to advance, the regulatory landscape in the United States is rapidly evolving, but not in a uniform way. Unlike the European Union's comprehensive approach with...more
On May 1, the California Privacy Protection Agency ("CPPA") board (the "Board") met to discuss revisions to proposed regulations relating to cybersecurity audits, risk assessments, and automated decision-making technologies...more
In a significant enforcement move, California’s consumer privacy regulator just ordered a national clothing retailer to pay a $345,178 fine to resolve alleged violations of the state’s privacy law. The California Privacy...more
The California Privacy Protection Agency (“CPPA”) has made it abundantly clear: privacy compliance isn’t just about publishing the right disclosures – it’s about whether your systems actually work. On May 6, the agency fined...more
After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
On May 6, the California Privacy Protection Agency (CPPA) issued a decision requiring national clothing retailer Todd Snyder, Inc. to change its business practices and pay a $345,178 administrative fine....more
State enforcement agencies are keeping the pressure on businesses, with two new enforcement actions announced this week in California and Texas. This activity signals to companies – both within and outside of the United...more
Keypoint: In its second non-data broker enforcement action for violations of the CCPA, the California Privacy Protection Agency entered into a stipulated final order with a retailer for a $345,178 administrative fine and...more
In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating...more
Earlier this week, the California Privacy Protection Agency (CPPA) and California Attorney General Rob Bonta announced the formation of a new bipartisan coalition called the Consortium of Privacy Regulators. This consortium...more
Late in February, the California Privacy Protection Agency (CPPA) ordered the shutdown of Background Alert under the state’s Data Broker Registration Law. Background Alert aggregated public records to create detailed profiles...more
Automated decision-making, or ADM, is used for a wide range of use cases that impact individuals — from processing insurance claims and credit scoring, to ranking job candidates and offering personalized pricing or targeted...more
The California Privacy Protection Agency (CPPA) recently announced a settlement with American Honda Motor Co., Inc. (Honda) over alleged privacy violations. The settlement arises from the CPPA’s investigation into the privacy...more
While the California Consumer Privacy Act (CCPA) is most known for its extensive privacy compliance obligations, the law also provides for a limited private right of action for certain security-related breaches....more
Privacy and cybersecurity are incredibly dynamic, and in 2025 we have committed ourselves to a look ahead post every six months, with the next one in July 2025. The new Congress convened on January 3, 2025, and a new...more
The California Privacy Protection Agency (CPPA) is starting formal rulemaking (again) as they move beyond the pre-rulemaking drafts that were debated for a little over a year. During their November 8, 2024, board meeting, the...more
The California Privacy Protection Agency (CPPA), at its board meeting on November 8, 2024, voted 4–1 to advance proposed regulations to a formal rulemaking. As currently drafted, these regulations would, among other things...more
Transparency might be the most important food group in data privacy compliance, especially with the Federal Trade Commission, Office of the New York State Attorney General and California Privacy Protection Agency focusing...more
On September 4, the California Privacy Protection Agency issued an enforcement advisory regarding “choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decision-making, or...more
On September 4, 2024, the California Privacy Protection Agency (CPPA) issued Enforcement Advisory 2024-02 which addresses the use of “dark patterns” in user interfaces under the California Consumer Privacy Act (CCPA). This...more
On Saturday, August 31, the California legislature closed its 2024 session. During the past calendar year, we tracked numerous privacy and AI-related bills with fourteen of them passing out of their chamber of origin prior to...more