This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
List Professionals Alphabetically
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z View All
Search Professionals
Site Search Submit
| 1 minute read

California Regulator Approves the Proposed CPRA Regulations and Targets April Effective Date

The California Privacy Protection Agency ("CPPA") Board unanimously voted 4-0 to finalize the proposed final California Privacy Rights Act ("CPRA") on February 3, 2022.  The proposed final CPRA regulations were released on January 31, 2023,  amending the CPRA regulations released on November 3, 2022. Along with the proposed final CPRA regulations, the CPPA released a draft final statement of reasons and appendices containing responses to the comments received during the public comment periods.  

The proposed final regulations contain no substantive changes from the modifications discussed and adopted at the CPPA board's October meetings. However, the proposed final regulations provide discretionary enforcement reprieve, providing that the CPPA may "consider all facts it determines to be relevant, including the amount of time between the effective date of the statutory or regulatory requirement(s) and the possible or alleged violation(s) of those requirements, and good faith efforts to comply with those requirements." Furthermore, in its most recent meeting, the CPPA began pre-rulemaking activities on its next set of CPRA regulations covering cybersecurity audits, risk assessments and automated decision-making.

The CPRA regulations now enter the final rule making phase and will be sent soon to the California Office of Administratrive Law ("OAL") for review and approval. The OAL has a 30-day review period and has stated in its FAQ that it expects the final regulations to take effect sometime in April 2023 at the earliest, ahead of CPRA enforcement beginning July 1, 2023.

Tags

privacy data and cybersecurity