California Privacy Protection Agency

Today, the California Privacy Protection Agency (CPPA) began the official public comment period for proposed regulatory action for CCPA updates, cybersecurity audits, risk assessments, ADMT, and insurance companies. ? The proposed regulations are based on several years of preliminary rulemaking activities, including receiving written comments from the public, hosting public stakeholder sessions through the state, and meeting with stakeholders to receive invaluable feedback. The proposed rulemaking package:? ? Updates existing CCPA regulations??? ? Establishes requirements for certain businesses to complete annual cybersecurity audits and conduct risk assessments?? ? Implements consumers’ rights to access and opt-out of businesses’ use of ADMT?? ? Clarifies when insurance companies must comply with the CCPA? Those wishing to submit written comments on the proposed regulations may do so until January 14, 2025, at 6 p.m. PST. The Agency will also hold a public hearing to receive public comment on January 14, 2025. Find more information about the event and read more: https://lnkd.in/gbCTTxBu?

The California Privacy Protection Agency is seeking an experienced and collaborative Executive Director to lead the Agency's strategic initiatives and priorities. This high-level leadership position is an exciting opportunity to lead a dynamic agency at the forefront of privacy protection and policy in California. The Executive Director is appointed by the CPPA Board and works closely with board members to execute the Agency’s mission and fulfill its statutory responsibilities. In partnership with other executive team members, this individual will work collaboratively to ensure the Agency’s goals are effectively accomplished. They are also responsible for maintaining a positive and inclusive work environment and developing strong partnerships with external stakeholders. The final filing date 12/6. Learn More https://lnkd.in/eMM_UaVX

Executive Director Ashkan Soltani announced he will depart from the California Privacy Protection Agency in January 2025. Under Mr. Soltani’s leadership, the Agency made significant strides, including: ? Growing the Agency to approximately 45 employees across seven divisions, ? Finalizing a rulemaking package that added protections to the California Consumer Privacy Act, ? Building a robust enforcement team to uphold individuals’ privacy right, ? Announcing the start of multiple enforcement sweeps and the publication of enforcement advisories, ? Opening dozens of active and ongoing investigations, ? Launching a statewide public information campaign, and ? Establishing collaborative partnerships at the state, federal, and international levels. Mr. Soltani was appointed to his position by the CPPA Board in October 2021 as the Agency’s first employee and has worked diligently to guide the organization to where it is today. Read the full announcement: https://lnkd.in/gpyS-Vhu

The Enforcement Division of the California Privacy Protection Agency (CPPA) has reached settlements with two data brokers — Growbots, Inc., and UpLead LLC —for failing to register and pay fees under the state’s privacy laws.? This latest development comes after a recent investigative sweep of data broker compliance under the Delete Act, which requires data brokers register with the Agency and pay a registration fee annually. The settlement marks an important step in the fight to protect Californians' privacy and sends a clear message: data brokers must be held accountable if they fail to register.? For more information on the settlement, read the full announcement: https://lnkd.in/d3smDMad

Today in San Francisco, the CPPA Board voted to adopt new regulations regarding data broker registration requirements.?? ? The Board also voted to advance a proposed rulemaking package that includes new provisions on automated decisionmaking technology (ADMT), cybersecurity audits, and risk assessments into formal rulemaking. ? ? The newly adopted data broker regulations clarify the definition of “data broker” and outline specific registration requirements, improving the registration process for data brokers. Next, the Agency will move to file the regulations with the Office of Administrative Law for final approval.??? ? Separately, the Board also voted to adjust to the 2025 data broker registration fee for the January 2025 registration period. Businesses that meet the definition of “data broker” must register with the Agency and pay a registration fee. Data brokers can visit cppa.ca.gov/data_brokers for more information or email [email protected] to join the data brokers mailing list and receive regular updates.?? ?? The proposed regulations on automated decisionmaking technology, cybersecurity audits, risk assessments, insurance businesses, and general updates advanced by the CPPA Board today are based on several years of preliminary rulemaking activities. In the coming weeks, the Agency will initiate the formal rulemaking process, and the public will be able to submit formal comments on the rulemaking package.??? ?? For more information on these crucial updates in the rulemaking process, read the announcement: https://lnkd.in/g8BGeTmr

Even though #CybersecurityAwarenessMonth is ending, you can take steps to stay safe online all year long. Visit privacy.ca.gov to learn more tips on how to protect your information.

Today, our Enforcement Division announced a public sweep of Data Broker registration compliance. CPPA’s Enforcement Division stands ready to take appropriate actions against data brokers that have failed to comply with registration requirements. The Delete Act requires data brokers - businesses that buy and sell personal information not collected directly from consumers - to register with the CPPA annually. In addition to the annual registration requirement, data brokers must:? ? Disclose the number of consumer deletion requests and the average response time to the request;? ? Report if they collect the personal information of minors, reproductive healthcare data, and precise geolocation data;? ? Provide a link on their website informing consumers of their rights under the California Consumer Privacy Act. If a data broker fails to register, consumers can file a complaint with the Agency.??Read more: https://lnkd.in/grA-Fhk8

Check out our latest blog post highlighting Cybersecurity Awareness Month! Find tips on how to stay safe online and keep your personal information more secure. Visit privacy.ca.gov/blog to learn how to make cybersecurity a priority year-round.

The CPPA Board will hold a public meeting on November 8, 2024. Information on how to attend the meeting and the amended meeting agenda can be found at https://lnkd.in/gCBYT9SK.?

The Federal Communications Commission Privacy and Data Protection Task Force and the California Privacy Protection Agency’s Enforcement Division have signed a Memorandum of Understanding, establishing a partnership on privacy, data protection, and cybersecurity enforcement. The agencies will share their expertise and resources in conducting investigations to protect consumers. Through this partnership, both agencies can maximize their efforts to best protect consumer privacy, ensure businesses and consumers are well-informed about their rights and obligations, and enforce privacy laws. Read more about the partnership: https://lnkd.in/gK4s7j-4