April 16, 2024

U.S. Privacy and Data Protection | Insights | Apr. 2024 (State Law)

Portrait Kelly Mulcahy
By Kelly Mulcahy

Senior Associate

On March 15, 2024, the California Privacy Protection Agency released its 2024-2027 Strategic Plan, which outline the privacy agency’s values and objectives in California.


The passing of the California Privacy Rights Act of 2020 (CPRA) amended and expanded the California Consumer Privacy Act of 2018 (CCPA). Included in the expansion was the establishment of the California Privacy Protection Agency (CPPA), which has been vested with the authority to implement, enforce, and raise awareness of California’s privacy protections.

As stated by the CPPA’s Executive Direct, Ashkan Soltani, the CPPA’s 2024-2027 Strategic Plan, “...is our road map for the future, with measurable goals and objectives that will further our mission to protect consumer privacy, ensure that consumers and businesses are well informed about their rights and obligations, and vigorously enforce the law.”1

Overview of The Plan

The Plan outlines four major goals, which include:

  • Strengthening public education, outreach and engagement by providing resources, tools, and support for delivering relevant, timely, and accurate information to consumers and businesses
  • Enforcing privacy laws “vigorously” by seeking protection of consumers from violations of their privacy rights through engagement with the regulated community, timely investigations, and enforcement actions (which will include for example, identifying trends through complaint data and attempts to mitigate consumer harm)
  • Strengthen Californians’ privacy rights by ensuring that statutes, regulations, policies, and procedures support and further the mandates and mission of the CPRA
  • Operational excellence to ensure an efficient and effective approach to organizational development, including through the implementation of policies, programs, and regulations

You can review the Plan here.

Advisory Notice

Alongside the release of the Plan, in early April the CPPA issued a pivotal enforcement advisory, zeroing in on the data minimization obligations delineated in the CCPA concerning consumer requests. This advisory marks the inaugural release in a series designed to foster voluntary compliance in anticipation of the agency’s forthcoming enforcement actions. The CPPA is expected to continue to focus on issues such as data minimization and consumer rights, including as related to the “sharing” and “selling” of personal information. Businesses should also take note of any comments about cybersecurity audits and programs, risk assessments, and automated decision-making technology, including for use in connection with AI and marketing.

State privacy laws continue to expand, as outlined in our periodic privacy insights. Most recently, new privacy legislation has passed in Kentucky (Consumer Data Protection Act) and Maryland (Maryland Online Data Privacy Act). Businesses should contact experienced counsel to ensure ongoing compliance with data privacy and security laws.

Kronenberger Rosenfeld, LLP regularly advises clients regarding privacy compliance and defends clients facing state or federal investigations or enforcement actions relating to privacy and advertising issues. Contact our firm using our online case submission form here.

This entry was posted on Tuesday, April 16, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.

Related articles

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

With the start of the new year, the Federal Trade Commission (FTC) has been active in ongoing privacy issues. Below outlines some key issues being considered by the FTC. Participation...

Read Article

Privacy & Cybersecurity

Novel CCPA/CPRA Enforcement Treats Targeted Ads as Data

In a novel case, the California Attorney General (AG) has treated targeted ads using third parties, such as through routine marketing and analytics cookies, as data "sales." What did the...

Read Article

Privacy & Cybersecurity

Disparity between California’s Privacy Laws and Class Action

The enactment of the California Consumer Privacy Act (“CCPA”) in 2019 strengthened certain privacy protections for consumers. The CCPA protects consumers by requiring businesses to “inform consumers as to the...

Read Article

Privacy & Cybersecurity

4 Ways to Protect Your Crypto

If you own any cryptocurrency, it's important to take steps to protect it from hackers and other bad actors. Here are four ways to do so. Use Two-Factor Authentication for...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online


Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.