• Skip to content
  • Skip to primary sidebar

Davis+Gilbert LLP

From our base in New York, we represent a diverse range of clients across the country and around the world.

  • People
  • Services
  • Emerging Issues
Insights + Events
bookmarkprintPDFShare>

Alert, Maintaining Your Competitive Advantage with Proactive Privacy and Data Protection Strategies - February 25, 2022

California Privacy Protection Agency Delays Release of CPRA Regulations

The Bottom Line

  • While businesses are eager to implement new compliance steps to meet the requirements of the CPRA and other new privacy laws, full compliance is not possible until regulators provide final rules stipulating how businesses can achieve such compliance. Therefore, businesses will continue to wait anxiously for such guidance.

CPRA Regulations

With the January 1, 2023 effective date of the California Privacy Rights Act (CPRA) fast approaching, companies have been eagerly awaiting the publication of CPRA regulations from the new California Privacy Protection Agency (CPPA). The regulations were originally set to be finalized by July 1, 2022 — a date that would have given businesses six months to prepare to comply with the CPRA.

CCPA Executive Director Ashkan Soltani announced on February 17, 2022, however, that the CPPA likely will not finalize the regulations until “Q3 or Q4” of 2022. Therefore, companies may have only months — or weeks — to fully develop compliance measures before the start of 2023.

The narrower time period may put companies in a difficult position. They can either (1) start developing their compliance activities based on the existing text of the CPRA and speculation as to what may be in the final regulations, adjusting their programs accordingly when those regulations are released or (2) hold tight and wait for the CPPA to finalize the CPRA regulations before developing a compliance framework on an expedited timeframe.

CPRA Amendments – Employee Data

The California Consumer Privacy Act (CCPA) and CPRA both contained carve-outs from most compliance obligations for certain personal information processed in the context of employment or B2B activities. However, both the CCPA and then the CPRA established a sunset on those exemptions. Without those exemptions, employers would have significant new obligations with respect to their own personnel.  

Two bills have been proposed in the California State Assembly to either push back the sunset period to 2026 or keep the exemptions in place permanently. Since the CPRA sunset period ends on January 1, 2023, businesses will want to pay close attention to the progress of these bills.

Virginia and Colorado

All of these considerations are taking place as the new privacy laws in Virginia and Colorado are also set to go into effect next year. Virginia’s law similarly has an effective date of January 1, 2023, which will add to companies’ compliance-deadline pressure.

Colorado Attorney General Phil Weiser last month — on Data Privacy Day — announced that Colorado is also undergoing a rulemaking process for their new data privacy law, which comes into effect on July 1, 2023.   In making this announcement, the Attorney General acknowledged some overlap with issues covered by California law and expressed a desire to finalize this rulemaking process within one year.  


Download a PDF of this AlertDownload

Primary Sidebar

Related People

  • Attorney Gary Kibel

    Gary Kibel

    Partner

    Area Of Focus

    • Privacy, Technology + Data Security
    • Advertising + Marketing
    212 468 4918
    gkibel@dglaw.com
  • Attorney-Zachary-Klein

    Zachary N. Klein

    Associate

    Area Of Focus

    • Privacy, Technology + Data Security
    • Advertising + Marketing
    212 237 1495
    zklein@dglaw.com
  • View All

Related Services

  • Privacy, Technology + Data Security
  • Privacy Compliance and Internal Policies
  • Data, Digital Media and Ad Tech

Get the latest insights from Davis+Gilbert

Subscribe
  • Sitemap
  • Privacy Policy
  • Terms and Conditions
  • Accessibility Statement
  • About Us
  • Location
  • Subscribe
© 2025 Copyright Davis+Gilbert LLP. Attorney Advertising.
  • People
  • Services
  • Emerging Issues
  • Insights + Events
  • Culture + Community
  • Pro Bono + Corporate Social Responsibility
  • Careers
  • About Us
  • Subscribe
  • Location
This site uses cookies to store information on your device. These cookies either support essential functions of the site or are used to develop analytics regarding usage of our site. Click Accept to continue using the site with our recommended settings or click Decline to disable non-essential cookies.AcceptDecline