California privacy regulator unveils new cyber, risk, and automation rules
By 
Adrianne Appel2025-08-22T19:05:00
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology (ADMT), under a large expansion of rules by the state.
The rules, unanimously approved July 24 by the California Privacy Protection Agency (CPPA), significantly broaden the panel’s oversight of businesses that handle personal data of customers, employees, and the public. These new guidelines aim to strengthen protections for consumers while balancing business concerns, including scaled-back compliance requirements and phased reporting deadlines.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
ArticleCalifornia may create whistleblower program to root out privacy law violations
A California privacy agency plans to seek a whistleblower law, to encourage corporate employees and others to step forward with complaints about egregious privacy violations at their workplaces.
-
ArticleTractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
-
ArticleSeven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
More from Regulatory Policy
-
ArticleCompliance must focus on corruption as EU and U.K. seek to tackle rising risks
Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.
-
ArticleEmployment law in the age of AI: Compliance considerations
Employment law in the age of AI is evolving faster than many companies can keep pace. As more states enact AI laws and as more case law piles on, chief compliance officers and in-house counsel must ensure that compliance policies and procedures evolve as AI legal and compliance risks evolve.
-
ArticleCompliance must future-proof AI projects to meet evolving regulations
AI implementations are surging, but many new systems are being abandoned after companies have invested in expensive projects. Now evolving AI regulation is adding to the list of reasons why new systems may fail. Compliance must watch emerging regulatory developments and ensure that any new AI tools are capable of ...