California continues to set the pace for data-privacy standards. On July 24, 2025, the California Privacy Protection Agency (CPPA) approved new regulations under the California Consumer Privacy Act (CCPA) that take effect January 1, 2026.
The Updates Address:
- Automated Decision-Making Technology (ADMT): New transparency rules for AI and other systems that make hiring or employment-related decisions.
- Risk Assessments: Businesses must evaluate how they collect and use personal data—especially when using sensitive information or automation.
- Cybersecurity Audits: Companies processing large amounts of data will be required to perform independent annual security audits.
CCPA Exemption for FCRA-Governed Data:
- The CCPA includes a specific exemption for personal information collected, maintained, used, sold, or shared by consumer reporting agencies and furnishers of information as defined by the FCRA.
- This exemption acknowledges the existing regulatory framework in the FCRA for credit information, preventing duplication of requirements.
-
This means activities such as credit reporting, background checks, and tenant screenings that are regulated by the FCRA are exempt from most CCPA requirements.
These changes reflect the growing focus on AI accountability, data security, and consumer rights. Employers and organizations should review how automated tools and background-screening technologies fit within these rules and begin planning compliance updates ahead of 2026.
Read the full story HERE.
Want to stay informed with frequent Compliance Updates from JDP? Sign up for our Compliance Newsletter today!