In a shocking turn of events, a Superior Court for the County of Sacramento issued a ruling on June 30, 2023, enjoining the enforcement of the California Privacy Protection Agency’s (the “Agency’s”) California Privacy Rights Act (CPRA) modifications to the California Consumer Privacy Act (CCPA) regulations until one year after the regulations have been finalized. We previously issued an alert reminding businesses that the CPRA amendments to the CCPA become enforceable starting July 1, 2023, but, in accordance with the court’s ruling, the Agency’s recent modifications to the CCPA regulations to account for the CPRA’s changes to the CCPA now will not become enforceable until March 29, 2024. Per the court’s ruling, the prior CCPA regulations will remain in effect until the new regulations become enforceable.Continue Reading Sacramento Superior Court Delays Enforcement of CPRA Implementing Regulations

Written Comments Due by November 21

On November 3, 2022, the California Privacy Protection Agency (CPPA, or the Agency) issued modified proposed regulations implementing the California Privacy Rights Act (CPRA),[1] which revise the

Continue Reading California Privacy Protection Agency Releases Modified Proposed CPRA Regulations: An In-Depth Analysis

On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding the draft regulations and the delegation of rulemaking authority functions to the CPPA’s executive director. Ahead of this meeting, on June 3, the CPPA released a draft Initial Statement of Reasons (ISOR) to accompany the draft regulations, which provides an explanation of the purpose and necessity of the draft regulations, along with an FAQ offering further information about the draft regulations and rulemaking process. While the formal CPRA rulemaking process has not yet officially begun, we expect to learn more about a potential schedule for the notice and comment period for the regulations at the CPPA’s June 8 meeting.

For a more high-level overview of the draft regulations’ key takeaways, please see our Wilson Sonsini Alert.
Continue Reading California Privacy Protection Agency Releases Draft CPRA Regulations – An In-Depth Analysis

Imagine you receive an inquiry from a state Attorney General (AG) about your privacy or security practices, and you aren’t sure what to do next. Maybe it’s because you have been concentrating on compliance efforts related to the California Privacy Rights Act (CPRA) and other new state privacy laws coming into effect, and you haven’t focused as extensively on the existing suite of state privacy or security laws, or on state AG enforcement of federal privacy laws, that may in fact apply to you. In this advisory, we provide a snapshot of recent privacy and security enforcement efforts by state AGs.1 Next, we offer some general tips on how to avoid getting into trouble with state regulators. Finally, we suggest what to do if, despite your best efforts, you become the subject of an inquiry.

Recent significant state AG enforcement efforts include:
Continue Reading Privacy and Security Enforcement: State AGs Flex Their Muscles