California Adopts Privacy, Cybersecurity, ADMT Regulations and Amendments

August 20, 2025 in CCPA, CPPA, Cybersecurity, Data Privacy, Artificial Intelligence, State Legislation

The California Privacy Protection Agency (CPPA) has adopted final regulations on privacy risk assessments, cybersecurity audits, and automated decisionmaking technology (ADMT), as well as amendments to existing CCPA regulations. Final publication of the regulations is pending review by the Office of Administrative Law, and depending on when that occurs, the regulations will likely take effect 10/1/2025 or 1/1/2026. Some key concepts from these regulations, and actions to consider, are below.

California’s Healthline.com Enforcement Action Shows CCPA’s Teeth – and Sensitive Data Reach

July 09, 2025 in CCPA, Data Privacy, Health + Biotech Privacy, State Legislation

By Mason Fitch and Kate Black

The California Attorney General’s Office (“OAG”) announced an enforcement action against Healthline.com on July 1 that marks a significant development in California Consumer Privacy Act (CCPA) enforcement. This action, accompanied by the largest fine under CCPA yet at $1.55 million, highlights critical areas of consideration for any company engaging in the advertising ecosystem as well as any company that processes sensitive personal information.

California Enacts "genAI" Laws That Introduce New Privacy and Transparency Requirements, Amongst Others

October 08, 2024 in CCPA, Cybersecurity

By Emily Litka

In September 2024, California Governor Gavin Newsome signed a number of new generative AI (“genAI”) bills into law. These laws address risks associated with deepfakes, training dataset transparency, use of genAI in healthcare settings, privacy, and AI literacy in schools. California is the first US state to enact such sweeping genAI regulations.