Formal Public Comment Period for Draft Regulations Extended to February 19, 2025
SACRAMENTO – Due to the devastating wildfires currently impacting the state and to ensure the opportunity for all Californians to participate in our rulemaking process, the California Privacy Protection Agency (CPPA) has extended the formal public comment period on its latest proposed rulemaking package to Wednesday, February 19, 2025.
The package includes updates to existing regulations and proposed regulations for cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and insurance companies. The public comment period opened on November 22, 2024.
The Agency will also host an additional public comment hearing on Wednesday, February 19. As was the format for the January 14th hearing, the meeting will be hybrid so attendees can join virtually or in person in Sacramento. Additional information about the meeting can be found here.
The proposed rulemaking package:
- Updates existing CCPA regulations
- Establishes requirements for certain businesses to complete annual cybersecurity audits and conduct risk assessments
- Implements consumers’ rights to access and opt-out of businesses’ use of ADMT
- Clarifies when insurance companies must comply with the CCPA
Find more information about the proposed regulations by visiting cppa.ca.gov/regulations.
About Us
The California Privacy Protection Agency (CPPA) is committed to promoting the education and awareness of consumers' privacy rights and businesses' responsibilities under the California Consumer Privacy Act.
Individuals can visit privacy.ca.gov to access helpful and up-to-date information on how to exercise their rights and protect their personal information. In addition, the Agency's website provides important information about CPPA board meetings, announcements, and the rulemaking process.
Update August 21, 2025: This announcement previously listed the email address to submit public comment, but as the public comment period has closed, it has been removed.