Description
In 2025, California passed several new laws that establish an even more comprehensive cybersecurity, data privacy, and artificial intelligence (AI) regulatory framework. It is imperative that companies understand these new requirements and begin taking proactive steps to update and renew documentation, governance, and consumer-facing processes to remain compliant.
On Sept. 23, 2025, the California Office of Administrative Law approved the California Privacy Protection Agency's regulations creating three new areas of compliance under the CCPA relating to automated decision-making technology (ADMT), privacy risk assessments, and cybersecurity audits. These new requirements significantly increase a company's compliance obligations under the CCPA and will be phased in over the course of several years with some regulations requiring compliance as early as Jan. 1, 2026.
There were also significant changes to California's data privacy framework. The new legislation relates to opt-out preference signals to allow consumers to opt out of the sale or sharing of their personal data; expanding data broker registration, data collection, and deletion requirements; reproductive health and location data privacy; and data breach notification timing.
In late 2025, several bills were also signed into law to increase the protection for children from the threats associated with social media and AI. Some of the key requirements of these new laws include requiring an age verification interface, limiting liability defenses for AI developers and users, requiring chatbots to disclose they are AI, and reminding minors to take a break. California also passed landmark legislation regulating the development and deployment of AI models and requiring public, standardized safety disclosures for AI developers.
Listen as our authoritative panel highlights the most significant new data privacy, cybersecurity, and AI laws enacted in 2025 and provides tips for navigating these legislative and policy developments in 2026 and beyond.
Presented By
Mr. Friel is a thought leader in digital media, IP, data privacy and protection, and consumer protection law, with over three decades of relevant experience to address the intersection of law and technology. Having served as a GC for several years in the late 1990s before returning to private practice, Mr. Friel has the necessary expertise to advise clients on making practical and informed business decisions, and help companies and entrepreneurs navigate the complex opportunities created by disruptive technology. With his in-house and private practice experience, he assists clients with creating data inventories, and information governance and data privacy and security programs; developing and implementing policies and procedures for providing consumer data privacy transparency, choice and access; drafting and negotiating privacy and data security provisions for commercial contracts; evaluating privacy impact assessments; addressing data privacy and security issues in merger and acquisitions transactions; structuring personal data transfer arrangements (including cross-border, intracompany, sales and licenses, and disclosures that are exempt from, and/or comply with, certain legal restrictions); drafting and revising external and internal privacy and data security policies and procedures; and addressing complex intellectual property and consumer protection issues related to digital media, advertising and commerce, such as in connection with the development and deployment of artificial intelligence, tailored and targeted advertising practices, and digital transformation and data commercialization strategies. Mr. Friel is a sought-after speaker and is affiliated with UCLA as an assistant professor in a multidisciplinary project at the Graduate School of TV, Film and Digital Media, and is an adjunct professor at Loyola Marymount School of Law.
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
-
Date + Time
- event
Wednesday, January 7, 2026
- schedule
1:00 PM E.T.
I. Overview: California's data privacy and cybersecurity regulatory framework
II. New CCPA rules
A. Automated decision-making technology (ADMT)
B. Risk assessments
C. Cybersecurity audits
D. Opt-out notification requirements and dark pattern reminders
E. Compliance timelines
III. New data privacy laws
A. Opt-out preference signals
B. Data brokers: data collection and deletion
C. Data breach notifications
D. Reproductive health and location data privacy
IV. New laws on children's use of social media and AI
V. Survey of the new AI laws and their implications on cybersecurity and data privacy
VI. Steps businesses need to take now to meet the new requirements within the requisite compliance deadlines
VII. Practitioner pointers and key takeaways
The panel will discuss these and other key considerations:
- What are the key changes and new requirements under the CCPA?
- What are the new legislative changes governing data privacy, cybersecurity, and children's online safety that companies must be aware of, and what are the compliance timelines?
- How do the new AI laws promote the development and deployment of AI while also maintaining safeguards to protect consumer information?
- What steps should companies take now to ensure compliance with California's new cybersecurity, data privacy, and AI legal and regulatory framework?
Related Courses
New California Cybersecurity and Data Privacy Laws: Increased Compliance Obligations; Heightened Enforcement Risks
Wednesday, January 7, 2026
1:00 PM E.T.