Description

Businesses subject to CCPA risk assessment requirements must begin compliance with new regulations for privacy risk assessments. These assessments must evaluate the benefits and risks of processing personal information for specified purposes, including automated decision-making technology.

Requirements

Identify processing activities requiring risk assessments
Evaluate benefits vs risks of data processing
Assess automated decision-making technology risks
Document risk assessment findings
Implement mitigations for identified risks

Applicable To

Businesses meeting CCPA thresholdsOrganizations using automated decision-makingBusinesses engaged in high-risk processing

Penalty Information

⚠$2,500-$7,500 per violation.

Passed

137 days ago

January 1, 2026

Share:X in @

Framework

CCPA/CPRA

California Consumer Privacy Act / California Privacy Rights Act

Related CCPA/CPRA Deadlines

CCPA Cybersecurity Audit Regulations Take Effect
January 1, 2026
CCPA Annual Privacy Policy Update
January 1, 2026
CCPA Universal Opt-Out Mechanism - Multi-State Mandate
January 1, 2026
CCPA Consumer Request Process Review
June 30, 2026

CCPA Risk Assessment Requirements Take Effect