Proposed regs on California Privacy Protection advance to next stage
By on Posted in California, Cybersecurity, Data Privacy

Proposed regulations have been submitted for review.

On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.

The Agency unanimously approved submission of the current set of proposed regulations (available here), which provide clarity on opt-out preference signals, the right to limit the use of sensitive personal information, and new contractual provisions that businesses must include in contracts with service providers that process personal information of California consumers. As planned, the Agency submitted the proposed rules to the California Office of Administrative Law on February 14. The OAL has 30 business days to review and consider approval of the proposed regulations.

In its February 3 meeting, the Agency also unanimously voted to open a public comment period on proposed rulemaking in other areas, including cybersecurity audits, risk assessments, and automated decision-making. The Agency’s invitation for public input (available here) lists key questions for which the Agency is seeking information. Interested parties have until March 27 to submit comments. 

The CPRA’s amendments to the CCPA took effect January 1. While the Agency’s rulemaking process continues to unfold, businesses should not wait for final regulations to begin compliance efforts. This was reinforced by a press release issued on January 27 by the California Attorney General. The press release announced an “investigative sweep” of popular apps in the retail, travel, and food service industries that allegedly fail to comply with consumer opt-out requests or offer mechanisms for consumers to opt out of the sale of their data.  

The Constangy Cybersecurity & Data Privacy team assists businesses of all sizes and industries with implementing necessary updates to their privacy and compliance programs to address these complex and evolving regulatory requirements. If you would like additional information on how to prepare your organization, contact us directly at breachresponse@constangy.com.

TAGS: California, California Consumer Privacy Act, California Privacy Protection, Cyber Team, CyberMonday, Cybersecurity
Facebook Twitter/X Linkedin Email
  • John Babione in a light gray suit with a white shirt and dark navy tie smiles against a light blue and white geometric background.
    John Babione
    Partner

    He regularly defends clients in a variety of complex and high-stakes privacy and cyber-related litigation, including class action data breach suits, wire fraud litigation, and employee data theft actions. John’s experience ...

    More from John: Full Bio | Contact Author | Blog Posts

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Search

Get Updates By Email

Subscribe

Archives

Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek