Skip to content
CPPA

Enforcement of California Privacy Rights Act Regulations May Begin Immediately

The Baldwin Group
|
Updated: April 24, 2024
|
2 minute read

California’s Third District Court of Appeals recently vacated a lower court decision that had stayed the implementation of regulations under the California Privacy Right Act (CPRA) and held that the California Privacy Protection Agency (CPPA), the state agency in charge of enforcing the CPRA, may begin enforcing its regulations immediately.

Employers with employees in California should review the CPRA regulations to ensure that their company is compliant.

Employee data falls within the scope of the CPRA. There is no exemption for workforce members. Thus, information from a person acting as job applicant, employee, owner, director, officer, medical staff member, or independent contractor of the business, now falls under the regulations. This includes emergency contact information of that person as well as information necessary to administer benefits of that person. The regulations are effective immediately, including the requirement to provide certain privacy notices in various situations. Also, regulations that are still in draft form will become effective upon finalization.

Note that personal information subject to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, or the Health Insurance Portability and Accountability Act (HIPAA) will not be subject to the CPRA. However, employee personal information that falls outside the scope of these laws are subject to the CPRA.

Summary

The Third District Appellate Court ruling concerned the implementation of the CPRA, which was approved by California voters by passing Proposition 24 in November 2020. Proposition 24 amended and expanded the California Consumer Privacy Act of 2018 (CCPA), a far-reaching law that was passed by the state legislature to protect consumers’ privacy rights by providing consumers with meaningful control over how their personal information is collected, used, and disclosed by a covered business.

The statutory deadline for implementing regulations under the CPRA was July 1, 2022. Ultimately, final regulations on seven of 15 delineated subject matter areas were issued on March 29, 2023 (additional regulations are in draft form pending finalization). The California Chamber of Commerce sought a writ petition to delay implementation of the regulations for one year because businesses needed more time to comply, the CPPA had missed its deadline and some of the regulations were still in draft form. The lower court agreed and stayed enforcement for a period of 12 months from the date an individual regulation becomes final. This appellate court decision reversed the lower court ruling.

More Information

The Third District Court of Appeals decision describes the chronological events leading up to its stay of the lower court decision and is available here. The CPRA regulations can be found here. A detailed summary and action steps for compliance from the law firm of Fisher Phillips is available here.


Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Baldwin Bulletin
Upcoming Compliance Deadlines August 2025
Employers must comply with numerous reporting and disclosure requirements in connection with their group health plans. Please note the following upcoming...
Baldwin Bulletin
The ACA In Mergers in Acquisitions – Part I
August 2025Jason Sheffield, National Director of Compliance Identifying and Mitigating ACA-related Liabilities Arising in Connection with Corporate Transactional Activities Introduction...
Baldwin Bulletin
IRS Announces 2026 Affordable Care Act Pay-or-Play Penalties 
August 2025  Stephanie Hall, Associate Director, Benefits Compliance  On July 22, 2025, the Internal Revenue Service (“IRS”) announced the updated...
Baldwin Bulletin
Navigating “Mini-COBRA” or “COBRA-like” (state continuation of coverage) Requirements: A New Era for ERISA Compliance 
August 2025  Deanna Sizemore, Associate Director, Benefits Compliance  For employer plan sponsors, understanding and complying with various benefit laws is...
Baldwin Bulletin
Navigating Medicare Part D: 2026 Creditable Coverage Changes & Disclosure Essentials for Employers 
August 2025Deanna Sizemore, Associate Director, Benefits Compliance Summary  As we look forward to 2026, employer-sponsored health plans face new considerations...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us