Skip to content

Enforcement of California Privacy Rights Act Regulations May Begin Immediately

The Baldwin Group
Updated: April 24, 2024
2 minute read

California’s Third District Court of Appeals recently vacated a lower court decision that had stayed the implementation of regulations under the California Privacy Right Act (CPRA) and held that the California Privacy Protection Agency (CPPA), the state agency in charge of enforcing the CPRA, may begin enforcing its regulations immediately.

Employers with employees in California should review the CPRA regulations to ensure that their company is compliant.

Employee data falls within the scope of the CPRA. There is no exemption for workforce members. Thus, information from a person acting as job applicant, employee, owner, director, officer, medical staff member, or independent contractor of the business, now falls under the regulations. This includes emergency contact information of that person as well as information necessary to administer benefits of that person. The regulations are effective immediately, including the requirement to provide certain privacy notices in various situations. Also, regulations that are still in draft form will become effective upon finalization.

Note that personal information subject to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, or the Health Insurance Portability and Accountability Act (HIPAA) will not be subject to the CPRA. However, employee personal information that falls outside the scope of these laws are subject to the CPRA.


The Third District Appellate Court ruling concerned the implementation of the CPRA, which was approved by California voters by passing Proposition 24 in November 2020. Proposition 24 amended and expanded the California Consumer Privacy Act of 2018 (CCPA), a far-reaching law that was passed by the state legislature to protect consumers’ privacy rights by providing consumers with meaningful control over how their personal information is collected, used, and disclosed by a covered business.

The statutory deadline for implementing regulations under the CPRA was July 1, 2022. Ultimately, final regulations on seven of 15 delineated subject matter areas were issued on March 29, 2023 (additional regulations are in draft form pending finalization). The California Chamber of Commerce sought a writ petition to delay implementation of the regulations for one year because businesses needed more time to comply, the CPPA had missed its deadline and some of the regulations were still in draft form. The lower court agreed and stayed enforcement for a period of 12 months from the date an individual regulation becomes final. This appellate court decision reversed the lower court ruling.

More Information

The Third District Court of Appeals decision describes the chronological events leading up to its stay of the lower court decision and is available here. The CPRA regulations can be found here. A detailed summary and action steps for compliance from the law firm of Fisher Phillips is available here.

Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Baldwin Bulletin
Question of the Month.
Question: Please confirm whether an employee’s spousal relocation of personal residence to the United States following a period of several...
Baldwin Bulletin
U.S. Supreme Court Hears Arguments Related to Legality of Medication Abortion.
On March 26, 2024, the Supreme Court heard the case of Alliance for Hippocratic Medicine, et al v FDA (5th...
Medicare Part D
Important Update on New Medicare Part D Creditable Coverage Determination.
It was previously reported that the Inflation Reduction Act of 2022 (“IRA”) included certain cost-reduction provisions that may affect Medicare...
PCORI 2024 Fee Payment Amount Adjusted and Payment Reminder.
The annual fee to fund the Patient-Centered Outcomes Research Institute (PCORI) Trust Fund Fee ​is due on July 31, 2024,...
Baldwin Bulletin
Impact of the Religious Freedom Restoration Act (RFRA) on the ACA Sec. 1557 & Title VII of the Civil Rights Act (CRA)
US District Court ruling in Christian Employers Alliance v. EEOC, et al. limits federal government enforcement of ACA Sec. 1557...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us