Calfornia Consumer Privacy Act

Subscribe to Calfornia Consumer Privacy Act via RSS
Binary 3D Tunnel

New privacy regulations provide insights into California’s approach to ADMT, cybersecurity audits, and risk assessments, while amendments impact compliance with consumer rights obligations.

By Michael H. Rubin, Jennifer Howes, Austin Anderson, Eric Gonzalez, and Sherry Tseng

Long-awaited revisions to the California Consumer Privacy Act (CCPA) Regulations were recently approved by the California Office of Administrative Law on September 22, 2025. These revisions come after a year-long process of debate and public comment and will take effect

Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law.

By Jennifer Archie, Michael Rubin, and Scott Jones

Key Points:

  • A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018.
  • The Act imposes substantial new obligations on businesses that collect, process, and disclose the data of California residents.
  • The Act was drafted, voted on, and enacted in a matter of days, but it will not go into effect for another 18 months: on January 1, 2020. Given this rushed process, changes to the law before its effective data can be expected.

Facing pressure from a significantly stronger ballot measure in the state, on Thursday, June 28, 2018, the Governor for the State of California signed into law the California Consumer PrivacyAct of 2018 (the CCPA). Effective January 2020, this law ushers in widespread changes to California’s law on the information practices for covered businesses collecting, processing, and disclosing information gathered from or about California consumers or their devices.