- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2024-07-26T12:54:00
The enforcement wing of the California privacy agency is in full swing and engaged in 10 or more investigations of businesses that are suspected of not following the state’s privacy laws.
The enforcement division of the California Privacy Protection Agency, created a year ago, has launched investigations of businesses that number “in the double digits,” said Michael Macko, deputy director of enforcement at the CPPA, during a recent board meeting. The agency was created under the 2020 California Privacy Rights Act, which expanded privacy protections under the California Consumer Privacy Act (CCPA).
The names of the businesses and details of the investigations will not be disclosed unless the CPPA takes enforcement action, which may not be for a number of months, Macko said. It would be unfair to businesses otherwise, he added.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.
Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.
The California Privacy Protection Agency drafted its rules to apply the rights allowed to residents under the California Consumer Privacy Act to automated decision-making technology used by businesses.
Eight large companies, including Mastercard and JPMorgan Chase, have been ordered by the Federal Trade Commission to provide detailed reports about their possibly secret use of artificial intelligence to track customers and use the information to set prices.
Facial recognition company Clearview AI reached a preliminary settlement in a class action lawsuit alleging it violated the Illinois Biometric Privacy Act, with the company agreeing to compensate victims with stake in the company.
The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.
