California privacy regulator unveils new cyber, risk, and automation rules
By 
Adrianne Appel2025-08-22T19:05:00
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology (ADMT), under a large expansion of rules by the state.
The rules, unanimously approved July 24 by the California Privacy Protection Agency (CPPA), significantly broaden the panel’s oversight of businesses that handle personal data of customers, employees, and the public. These new guidelines aim to strengthen protections for consumers while balancing business concerns, including scaled-back compliance requirements and phased reporting deadlines.
Related articles
-
ArticleTractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
-
ArticleSeven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
-
News BriefStates like New York, Pennsylvania stepping up to fill regulatory void left by federal agencies
As the Consumer Financial Protection Bureau steps back from its core mission of protecting American consumers, states like New York and Pennsylvania are stepping up to fill the regulatory void.
More from Regulatory Policy
-
ArticleNYDFS to firms: apply cybersecurity rules to third-parties
The New York State Department of Financial Services (NYDFS) wants financial firms to step up their game when it comes to third parties and cybersecurity.
-
ArticleNavigating HHS and FDA’s overhaul of the food and beverage industry
Under the Trump administration, the Department of Health and Human Services and the Food and Drug Administration have been hellbent on eliminating synthetic food dyes from food and beverage products, forcing a jarring and costly overhaul with cascading impacts on the operations of the entire industry.
-
PremiumU.K. FCA establishes framework for unlisted companies to trade shares on a ‘buyer-beware’ basis
Private companies that are keen to trade their shares but do not wish to become listed have gained another way to trade their shares. The U.K. government completed its initial review and published rules for the system in June.