• |

    Mar. 4, 2026

CalPrivacy Director Discusses New Audits Division and Other 2026 Actions to Come

The California Privacy Protection Agency (CalPrivacy) has already had a busy 2026. Since the start of January, the agency hired its first chief privacy auditor, launched an Audits Division to review companies’ compliance, opened the Delete Request and Opt-Out Platform for consumers, and, most recently, sponsored a novel bill to incentivize privacy whistleblowers. Signaling ongoing active enforcement, on March 3, CalPrivacy issued a decision requiring PlayOn Sports to pay a $1.1 million fine for privacy violations involving students. CalPrivacy Executive Director Tom Kemp spoke to the Cybersecurity Law Report about these developments, the next phases of enforcement and rulemaking, considerations for business leaders and what else lies ahead in 2026 for the agency and the companies it regulates. See “Outgoing CPPA Board Member Discusses Rulemaking and Looming Privacy Issues” (Sep. 25, 2024).

A Practical Cross-Functional Framework for Efficiently Driving Risk and Compliance Decisions

In fast-moving environments where privacy, compliance, security, product priorities and broader business goals intersect, organizations must make rapid calls while aligning multiple stakeholders. As delivery cycles accelerate, a structured decision-making approach that balances speed with accountability is essential to prevent launch delays, regulatory exposure, internal friction and erosion of trust. In this guest article, Pari Sarnot, former privacy, risk and compliance manager at Meta and Grant Thornton, outlines a practical decision-making framework, grounded in objective criteria and real-world application, to help cross-functional teams navigate complex risk and compliance choices across organizations of any size. See “Eight Tips for Building a Cross-Company Compliance Network” (Sep. 17, 2025).

Assistant AG Highlights Colorado’s Next Phase of Privacy Regulation

Colorado continues to sharpen its privacy regime. Since adopting its privacy act (CPA), which took effect in 2023, the state has steadily refined both the statute and its regulations. Colorado Assistant AG Andrea Lowe, speaking at the Bridge 2026 privacy summit, walked through the latest CPA amendments on strengthening protections for biometric data, minors and other sensitive information, and outlined the AG’s enforcement priorities. She highlighted multistate coordination, the investigatory sweep on global privacy controls, and heightened scrutiny of sensitive data, mobile apps and data protection assessments. This article distills her comments. See “Colorado Privacy Law Finishes Third, but Could Become the New Standard” (Jun. 23, 2021).

Most-Read Articles