California Consumer Privacy Act (CCPA)

Subscribe to California Consumer Privacy Act (CCPA) via RSS

The California Consumer Privacy Act (CCPA), as amended and effective January 1, 2026, brings the most detailed and sweeping changes since the law’s introduction. If you do business in California or handle Californians’ personal information, here’s what your company must know, and do, to avoid compliance risks.

Expanded Privacy Policy and Disclosure Requirements

The updated

On November 18, 2025, the California Privacy Protection Agency (CPPA) announced the formation of a new Data Broker Enforcement Strike Force within its Enforcement Division. The purpose of this new team is to investigate alleged violations of both the California Consumer Privacy Act (CCPA) and the Delete Act’s data broker registration requirements.

According to the

Mergers and acquisitions (M&A) can be transformative, but hidden compliance risks—especially regarding privacy and data protection—often lurk beneath the surface, especially regarding privacy and data protection. In California, strict laws like the California Consumer Privacy Act (CCPA) and the California Invasion of Privacy Act (CIPA) are being aggressively enforced through litigation. Plaintiffs’ firms are increasingly targeting companies whose websites

California continues to lead the way in digital privacy. Its latest step is AB 566, the California Opt Me Out Act. This new law amends the already robust California Consumer Privacy Act (CCPA) and specifically targets how internet browsers empower users to control their personal information.

AB 566 requires that all consumer web browsers (i.e., Chrome, Firefox, Safari

On July 24, 2025, during a public meeting following public comment, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new obligations for businesses subject to the CCPA. Significantly, the updates emphasize CPPA’s new regulatory focus over AI decision-making and cybersecurity in addition

On July 1, 2025, California Attorney General Rob Bonta announced a settlement with Healthline Media LLC stemming from alleged violations of the state’s consumer privacy law, the California Consumer Privacy Act (CCPA). According to the complaint, Healthline’s privacy practices failed to comply with several core CCPA requirements.

Opt-Out Mechanisms

Under the CCPA, California residents have

This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making technology (ADMT), and insurance.

The CPPA received comments on the first draft of the regulations between November 22, 2024, and February 19, 2025, and the feedback was

The California Consumer Privacy Protection Agency (CPPA) Board issued a stipulated final order against Todd Snyder, Inc., a clothing retailer based in New York, requiring the company to pay a $345,178 fine and update its privacy program to settle allegations that it violated the California Consumer Privacy Act (CCPA). Specifically, Todd Snyder must update its methods