
Enforcement of California Privacy Rights Act Regulations May Begin Immediately

The Baldwin Group | Updated: April 24, 2024 | 2 minute read

California’s Third District Court of Appeals recently vacated a lower court decision that had stayed the implementation of regulations under the California Privacy Rights Act (CPRA) and held that the California Privacy Protection Agency (CPPA), the state agency in charge of enforcing the CPRA, may begin enforcing its regulations immediately.

Employers with employees in California should review the CPRA regulations to ensure that their company is compliant.

Employee data falls within the scope of the CPRA. There is no exemption for workforce members. Thus, information from a person acting as a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of the business now falls under the regulations. This includes that person's emergency contact information as well as information necessary to administer that person's benefits. The regulations are effective immediately, including the requirement to provide certain privacy notices in various situations. Also, regulations that are still in draft form will become effective upon finalization.

Note that personal information subject to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, or the Health Insurance Portability and Accountability Act (HIPAA) will not be subject to the CPRA. However, employee personal information that falls outside the scope of these laws is subject to the CPRA.

Summary

The Third District Appellate Court ruling concerned the implementation of the CPRA, which was approved by California voters by passing Proposition 24 in November 2020. Proposition 24 amended and expanded the California Consumer Privacy Act of 2018 (CCPA), a far-reaching law that was passed by the state legislature to protect consumers’ privacy rights by providing consumers with meaningful control over how their personal information is collected, used, and disclosed by a covered business.

The statutory deadline for implementing regulations under the CPRA was July 1, 2022. Ultimately, final regulations on seven of 15 delineated subject matter areas were issued on March 29, 2023 (additional regulations are in draft form pending finalization). The California Chamber of Commerce sought a writ petition to delay implementation of the regulations for one year because businesses needed more time to comply, the CPPA had missed its deadline and some of the regulations were still in draft form. The lower court agreed and stayed enforcement for a period of 12 months from the date an individual regulation becomes final. This appellate court decision reversed the lower court ruling.

More Information

The Third District Court of Appeals decision describes the chronological events leading up to its stay of the lower court decision and is available here. The CPRA regulations can be found here. A detailed summary and action steps for compliance from the law firm of Fisher Phillips is available here.

