Privacy Insider Newsletter | Data Privacy News Delivered Weekly

Full Steam Ahead on CPRA Enforcement (Mostly)

Written by Arlo Gilbert | Aug 24, 2023 2:00:00 PM

Hello all, and happy Thursday!  

Remember back in early July when we reported on the delay of CPRA enforcement? If you’ll recall, California Superior Court Judge James Arguelles ruled that because the California Privacy Protection Agency (CPPA) didn’t issue its CPRA regulations until March of 2023, then enforcement ought to be delayed correspondingly. So, rather than begin on July 1, 2023, CPRA enforcement would start March 29th, 2024 instead.  

At the time, we warned that this would not mean that all enforcement would be delayed until 2024. That certainly appears to be the case. CPPA Executive Director Ashkan Soltani stated that “significant portions” of the CCPA’s privacy protections could be enforced starting July 1. 

The CPPA Deputy Director of Enforcement, Michael Macko, said, “There’s no vacation here from enforcement. When we find violations, we will take aggressive action to protect the public.” 

The California Attorney General’s Office is in the midst of an investigative sweep of companies’ compliance in regard to employee data. Meanwhile, the CPPA is investigating data collected by connected cars. 

If you were hoping that the delay in CPRA enforcement meant you could put compliance off for another year, no dice. Clearly, the California Attorney General and CPPA intend to enforce as much of the law as they are permitted to. As for those portions that have been delayed, the CPPA and Attorney General have filed a petition to overturn Judge Arguelles’s decision. 

Best, 

Arlo 

Top Privacy Stories of the Week

Illinois Just Made It Possible to Sue People for Doxxing Attacks 

Governor Pritzker recently signed the Civil Liability for Doxing Act, which makes it possible for victims to sue attackers who "intentionally" publish their personally identifiable information with intent to harm or harass them. 

Read more 

AI Vs. Privacy: How to Reconcile the Need for Sensitive Data with the Principle of Minimization 

In order to train and test AI systems against bias, businesses need access to sensitive data such as race, gender, age, and other demographic categories—but often there is no other business need for such data. How can businesses skirt the line between developing unbiased AI systems and respecting data minimization principles? 

Read more 

CPRA Enforcement Activity Underway Despite Court Ruling to Delay 

Despite a court ruling to delay CPRA enforcement until March, 2024, the California Attorney General’s Office and CPPA have initiated enforcement sweeps. Find out how in the link below. 

Read more 

Ready for the New Swiss Data Protection Law? Implications for Organizations Outside Switzerland 

As of September 1, Switzerland will have an updated version of its 1992 Swiss Federal Act on Data Protection. The new act brings Switzerland into closer alignment with the EU’s GDPR. 

Read more 

Osano Blog: Q: When Should You Get Your Privacy Team Involved? 

Osano’s own Head of Privacy, Rachael Ormiston, dives deep into the subject of privacy collaboration. Check out the blog to learn when and how to work with your privacy professionals in order to maximize compliance, minimize risk, and keep the business running smoothly. 

Read more 

If you’re interested in working at Osano, check out our Careers page