Posts

Showing posts with the label state privacy assessment requirements

A MoFo Privacy Minute Q&A: Key Steps in 2026 to Comply with State Privacy Assessment Requirements

Question:  Do I need to complete state privacy risk assessments in 2026? I know some CCPA deadlines aren’t until next year, but how can I prepare my team to comply with state privacy assessment requirements? Answer:   The start of the year is an excellent time to review and update your organization’s privacy assessment process, particularly in light of new regulations under the CCPA . It is likely that you will need to conduct privacy assessments in 2026 , though it depends on your organization’s data processing activities and which state consumer privacy laws apply to your organization. The CCPA’s new requirements include: Undertaking a risk assessment if the organization is “selling” or “sharing” personal data, processing sensitive data (with limited exceptions), using automated decision-making technology (ADMT) for a “significant decision,” or engaged in other types of processing that present a “significant risk” to consumers’ privacy. Conducting the risk assessment per the...