Proposed regulations have been submitted for review.
On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.
The Agency unanimously approved submission of the current set of proposed regulations (available here), which provide clarity on opt-out preference signals, the right to limit the use of sensitive personal information, and new contractual provisions that businesses must include in contracts with service providers that process personal information of California consumers. As planned, the Agency submitted the proposed rules to the California Office of Administrative Law on February 14. The OAL has 30 business days to review and consider approval of the proposed regulations.
In its February 3 meeting, the Agency also unanimously voted to open a public comment period on proposed rulemaking in other areas, including cybersecurity audits, risk assessments, and automated decision-making. The Agency’s invitation for public input (available here) lists key questions for which the Agency is seeking information. Interested parties have until March 27 to submit comments.
The CPRA’s amendments to the CCPA took effect January 1. While the Agency’s rulemaking process continues to unfold, businesses should not wait for final regulations to begin compliance efforts. This was reinforced by a press release issued on January 27 by the California Attorney General. The press release announced an “investigative sweep” of popular apps in the retail, travel, and food service industries that allegedly fail to comply with consumer opt-out requests or offer mechanisms for consumers to opt out of the sale of their data.
The Constangy Cybersecurity & Data Privacy team assists businesses of all sizes and industries with implementing necessary updates to their privacy and compliance programs to address these complex and evolving regulatory requirements. If you would like additional information on how to prepare your organization, contact us directly at breachresponse@constangy.com.
- Partner
John is a member of the Constangy Cyber Team. He provides compliance advisory services to clients by proactively navigating the legal landscape of data privacy and security. John advises clients on a wide range of state, federal, and ...
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
Subscribe
Contributors
- Suzie Allen
- John Babione
- Matthew Basilotto
- Bert Bender
- Ansley Bryan
- Jason Cherry
- Christopher R. Deubert
- Maria Efaplomatidis
- Rebecca D.C. Eng
- Laura Funk
- Lauren Godfrey
- Taren N. Greenidge
- Seth Greenwald
- Chasity Henry
- Julie Hess
- Sean Hoar
- Donna Maddux
- David McMillan
- Victoria Okraszewski
- Ashley L. Orler
- Todd Rowe
- Melissa J. Sachs
- Scott Satkin
- Allen Sattler
- Brent Sedge
- Ryan Steidl
- Matthew Toldero
- Alyssa Watzman
- Aubrey Weaver
- Robert R. Wennagel
- Rob Yang
Archives
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023