California privacy regulator unveils new cyber, risk, and automation rules
By 
Adrianne Appel2025-08-22T19:05:00
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology (ADMT), under a large expansion of rules by the state.
The rules, unanimously approved July 24 by the California Privacy Protection Agency (CPPA), significantly broaden the panel’s oversight of businesses that handle personal data of customers, employees, and the public. These new guidelines aim to strengthen protections for consumers while balancing business concerns, including scaled-back compliance requirements and phased reporting deadlines.
Related articles
-
ArticleSeven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
-
News BriefStates like New York, Pennsylvania stepping up to fill regulatory void left by federal agencies
As the Consumer Financial Protection Bureau steps back from its core mission of protecting American consumers, states like New York and Pennsylvania are stepping up to fill the regulatory void.
-
PremiumWhat’s on tap for CPPA from its deputy director of enforcement
Michael Macko, deputy director of enforcement at the California Privacy Protection Agency, described priorities for the agency now and in the near future during a recent board meeting.
More from Regulatory Policy
-
Basic PageDOJ, EPA take legal action against the California Air Resources Board
The U.S. Department of Justice has filed two lawsuits against the California Air Resources Board, claiming it no longer has the legal right to enforce strict emissions rules for heavy-duty trucks.
-
PremiumCompliance in the spotlight as tariffs, sanctions turn into geopolitical weapons
Navigating tariffs and sanctions is becoming a core part of compliance for many companies. As the U.S. and others use economic policies for political aims, compliance teams must adapt to this new geoeconomic trend.
-
News BriefEPA relaunches online portal for thousands of environmental guidance documents
The U.S. Environmental Protection Agency reopened its guidance portal on Wednesday. This online portal is a searchable database of EPA guidance documents, first created during President Donald Trump’s first term and shuttered under the Biden administration.